Common use of Security, etc Clause in Contracts

Security, etc.

4.1 Article 32 GDPR stipulates that, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Customer and Supplier shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. The Customer shall evaluate the risks to the rights and freedoms of natural persons inherent in the Processing and implement measures to mitigate those risks.

4.2 According to Article 32 GDPR, the Supplier shall also - independently from the Customer - evaluate the risks to the rights and freedoms of natural persons inherent in the Processing and implement measures to mitigate those risks. Furthermore, the Supplier shall assist the Customer in ensuring compliance with the Customer’s obligations pursuant to Article 32 GDPR, by inter alia providing the Customer with information concerning the technical and organisational measures already implemented by the Supplier pursuant to Article 32 GDPR along with all other information necessary for the Customer to comply with the Customer’s obligation under Article 32 GDPR. If subsequently - in the assessment of the Customer - mitigation of the identified risks requires further measures to be implemented by the Supplier, than those already implemented by the Supplier pursuant to Article 32 GDPR, the Customer shall specify these additional measures to be implemented in Appendix 1.

Appears in 2 contracts

Sources: Data Processing Agreement, Data Processing Agreement