Common use of Personal Data Security Clause in Contracts

Personal Data Security. 5.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor shall implement appropriate technical and organizational measures (Annex 2) to ensure a level of Controller Personal Data security appropriate to the risk, including but not limited to: 5.1.1. Pseudonymization and encryption; 5.1.2. The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; 5.1.3. The ability to restore the availability and access to Controller Personal Data in a timely manner in the event of a physical or technical incident; and 5.1.4. A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing.