Processing security. The processor is obliged to take all necessary measures to guarantee security of processing. The person responsible is entitled to the Processors to issue instructions in this regard at any time. These instructions are to be implemented immediately by the processor, and to other (sub) processors of the processor, that they are permitted to use.
Processing security. 4.1 Plecto shall implement all measures required by Article 32 of the Data Protection Regulation, which shall include, appropriate technical and organizational measures, to ensure a level of safety fitting these risks.
Processing security. The Data Processor has partnered with sub-processors to ensure secure and robust data processing. The data will be physically placed in external data centres or in the Data Processor’s own server rooms. The Data Processor continuously receives statements from sub-processors that ensure that the sub-processors meet the Data Processor’s policies in the mentioned areas. The Data Processor’s policies with regard to data security relate to: Physical security of data Access control Personal access card and/or code is required to access the facilities where the data is located.
Processing security. 6.1 The Contractor will take all necessary and appropriate technical and organizational measures in accordance with Article 32 of the GDPR, to ensure a sufficient level of protection for Client Data. This takes into account the state of technology, the implementation costs and the nature, scope, circumstances and purposes of the processing of Client Data, as well as the varying likelihood and severity of the risk to the rights and freedoms of the data subjects.
Processing security. In the processing, the Processor has taken suitable technical and organisational security measures, with due account of the state of the art, the costs of implementation and the nature, scope, context and purposes of the personal data, as well as risks of varying likelihood and severity to the rights and freedoms of natural persons. Such security measures shall protect the data provided against accidental or unlawful destruction, loss or alteration and against unauthorised disclosure, abuse or other processing in violation of the provisions of the Personal Data Protection Act or, after the General Data Protection Regulation enters into force, the General Data Protection Regulation. The Parties agree that the implemented measures are sufficient on the date of the signing of the Agreement. The Processor shall thereafter regularly assess the adequacy of the implemented measures. Changes to the security level attributable to changes in the Controller’s circumstances shall be agreed separately. When the Controller has informed the Processor in writing that the Controller is subject to the Security Order (Order no. 528 of 15/06/2000 with subsequent amendments), the Processor shall also comply with the Order with regard to the processing of personal data on behalf of the Controller, for as long as the Order is applicable.
Processing security. 4.1 Fenerum shall implement all measures required by Article 32 of the Data Protection Regulation, which shall include, appropriate technical and organizational measures, to ensure a level of safety fitting these risks.
Processing security. The Data Processor will initiate the level of security and all measures required in accordance with the Data Processing Agreement and the instructions of the Data Controller, cf. Appendix C.1, any data security requirements that are specified in the Main Agreement and its appendices, and oth- erwise in accordance with the General Data Protection Regulation, Article 32. Given this, and taking into account the current technical level, implementation costs and the na- ture, scope, context and purpose of the processing, as well as the risks of varying probability and severity to the rights and freedoms of natural persons, the Data Processor will conduct the appro- priate technical and organisational measures to ensure a level of security that is appropriate for these risks. What constitutes appropriate technical and organisational measures must also be assessed in rela- tion to the specific system, the purpose of the processing and the type of personal data. In the assessment of the appropriate level of security, consideration will also be given to the risks posed by the processing, namely in the event of accidental or illegal destruction, loss, alteration, unauthorised disclosure or access to personal data that has been transmitted, stored or otherwise processed. The above obligation implies that the Data Processor must conduct a risk assessment for the data subjects that are linked to the ongoing risk assessment of the Data Processor in accordance with ISO 27001 and then implement measures to address identified risks. Depending on what is relevant and thus established in the instructions and any data security requirements as specified in the Main Agreement and its appendices, this may include the following measures: Encryption of personal data The Data Processor shall develop guidelines for securing external communication lines and must take measures to ensure that those who are unauthorised cannot access data through these con- nections. Anonymisation/pseudonymisation of test data The Data Controller is responsible for designing the test data, including anonymisation or pseu- donymisation of this data. The Data Processor implements the test data provided by the Data Controller in the relevant systems and solutions. Accessibility The Data Processor must be able to restore the availability and access to personal data in a timely manner in the event of an accidental physical or technical incident. Logging The Data Processor must ensure that event logging for r...
