(83) In order to maintain security and prevent processing that does not comply with this Regulation, the controller or processor should assess the risks inherent in the processing and implement measures - such as encryption - that minimize those risks. Such measures should ensure an adequate level of security, including confidentiality, and take into account the state of the art and the cost of their implementation in relation to the risks and nature of the personal data to be protected. In assessing data security risks, consideration should be given to the risks associated with the processing of personal data - such as accidental or unlawful destruction, loss, modification, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise processed - and which may, in particular, lead to physical harm, property damage or non-property damage.