Common use of APPROPRIATE TECHNICAL AND ORGANISATIONAL MEASURES Clause in Contracts

APPROPRIATE TECHNICAL AND ORGANISATIONAL MEASURES. 8.1 The Data Processor must implement appropriate and reasonable technical and organizational measures to ensure a level of security that matches the risks of data processing for the processing of Personal Data which the Data Controller provides under this Data Processing Agreement, including reasonably ensuring a) Pseudonymization and encryption of Personal Data; b) continuous confidentiality, integrity, availability and robustness of the processing systems and services for which the Data Processor is responsible; c) timely recovery of the availability of and access to Personal Data in case of a physical or technical incident; d) a procedure for regular testing, assessment and evaluation of the effectiveness of the technical and organizational measures to ensure processing security; e) that Personal Data is n ot accidentally or unlawfully destroyed, lost or impaired and against any unauthorized disclosure, abuse or in any other way is processed in violation of any applicable law on Personal Data. 8.2 The Data Processor shall determine the appropriate level of technical and organizational measures. When determining this, the Data Processor must particularly consider the risks related to the processing, i.e. the risks of accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to Personal Data which has been transmitted, stored or processed in any other way. 8.3 Data Processor shall, upon prior written request from the Data Controller, and within reasonable time-limits provide the Data Controller with sufficient information to document that the abovementioned technical and organizational security measures have been taken.

APPROPRIATE TECHNICAL AND ORGANISATIONAL MEASURES. 8.1 The Data Processor must implement appropriate and reasonable technical and organizational measures to ensure a level of security that matches the risks of data processing for the processing of Personal Data which the Data Controller provides under this Data Processing Agreement, including reasonably ensuring a) Pseudonymization and encryption of Personal Data; b) continuous confidentiality, integrity, availability and robustness of the processing systems and services for which the Data Processor is responsible; c) timely recovery of the availability of and access to Personal Data in case of a physical or technical incident; d) a procedure for regular testing, assessment and evaluation of the effectiveness of the technical and organizational measures to ensure processing security; e) that Personal Data is n ot not accidentally or unlawfully destroyed, lost or impaired and against any unauthorized disclosure, abuse or in any other way is processed in violation of any applicable law on Personal Data. 8.2 The Data Processor shall determine the appropriate level of technical and organizational measures. When determining this, the Data Processor must particularly consider the risks related to the processing, i.e. the risks of accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to Personal Data which has been transmitted, stored or processed in any other way. 8.3 Data Processor shall, upon prior written request from the Data Controller, and within reasonable time-limits provide the Data Controller with sufficient information to document that the abovementioned technical and organizational security measures have been taken.