Common use of Data Protection Program Clause in Contracts

Data Protection Program. During the term of the Agreement, Processor shall implement and maintain at all times appropriate technical and organizational measures to ensure the processing of personal data meets the requirements of the Agreement (including this Addendum) and applicable EU Data Protection Laws, including technical and organizational measures to protect the security, confidentiality, availability and integrity of personal data (including protection against unauthorized or unlawful processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, personal data). Such technical and organizational measures shall include (as appropriate based on the risk to data subjects): (a) the pseudonymisation and encryption of personal data; (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and (d) a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of personal data. In assessing the appropriate level of security account shall be taken in particular of all the risks that are presented by processing, for example, from accidental or unlawful destruction, loss, or alteration, unauthorized or unlawful storage, processing, access or disclosure of personal data.