Common use of TECHNICAL AND ORGANISATIONAL MEASURES Clause in Contracts

TECHNICAL AND ORGANISATIONAL MEASURES. 7.1. Taking into account the state of the art, the cost of implementation, and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor shall implement appropriate technical and organisational (a) the pseudonymisation and encryption of personal data, especially during the transfer and storage of such data; (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; (d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. 7.2. The Processor declares and warrants that it has a Business Continuity / Disaster Recovery Plan, which allows the continuity of all the means required for the provision of the services of the Agreement and their uninterrupted and unobstructed provision to the Cyprus Energy Regulatory Authority and the availability of personal data. 7.2.1. Periodically update and test the above Business Continuity / Disaster Recovery Plan, in accordance with industry best practices; 7.2.2. Inform the Data Protection Officer of the Cyprus Energy Regulatory Authority without delay of any development, which may substantially affect its ability to carry out the processing effectively and in accordance with the Legislative Framework; 7.2.3. Inform the Data Protection Officer of the Cyprus Energy Regulatory Authority for any event of its inability to provide services, without delay from the occurrence of the event and immediately after its completion, unless otherwise specified in the Data Processing Addendum. 7.3. The Processor is obliged, when assessing the appropriate level of security of Processing, to take into account in particular the risks from such processing and especially from the personal data breach. 7.4. The technical and organisational measures governing any processing are specified in the relevant Data Processing Addendum.