Security of processing
Security of processing The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter “personal data breach”). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security. The data importer shall grant access to the personal data to members of its personnel only to the extent strictly necessary for the implementation, management and monitoring of the contract. It shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate its adverse effects. The data importer shall also notify the data exporter without undue delay after having become aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences and the measures taken or proposed to address the breach including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it...
Security of processing-Sicurezza del trattamento
Security of processing The level of security shall take into account that the processing may involve confidential and special catgetories of personal data (ref. Article 9 GDPR), depending of the scope of the assignment. Confidential information may be social security number, salary, bank account numbers, etc. Special categories may include trade union membership and health information (sick leaves, etc.). The data processor shall hereafter be entitled and under obligation to make decisions about the technical and organisational security measures that are to be applied to create the necessary level of data security. The data processor shall however - in any event and at a minimum - implement the following measures that have been agreed with the data controller: All systems require personal logon with password. All systems containing confidental information have muliti factor authentication logon All computers may be remotely locked and erased by IT department. All employees must annualy complete a security awareness program. Access to systems, mail, etc. via phones, pads, etc, have the same security measures as computers. Data is encrypted during transfer. There is access control at all locations, and all data centeres have a high level physical access control C.3. Assistance to the data controller The data processor shall insofar as this is possible - within the scope and the extent of the assistance specified below - assist the data controller in accordance with Clause 9.1. and 9.2. The data subjects primary contact is the data controller. If the data processor is contacted by the data subject with regards to Clause 9.1, the data processor will forward the request ot the data controller. The data processor will assist the data controller in the data controller's compliance with the rights mentioned in Clause 8.1. The data controller will invoice such assistance according to the current price list. Such request from the data controller may be adressed to the data processor's regular case handler, or through the form found on Amesto Trust Center (xxxxx://xxx.xxxxxx.xxx/amesto-trust-center/security/notification/). If the data controller does not assist the data subjects in compliance with GDPR, and the data processor is obliged to assist the data subject according to the same legislation, the data controller will invoice the data controller according to the current price list. The data processor will inform the data controller of such assistance, and will give the data ...
Security of processing where acting as a processor
Security of processing (a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the personal data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter “personal data breach”). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of d) Písmeny a) až c) nejsou dotčeny povinnosti vývozce údajů podle článků 13 a 14 nařízení (EU) 2016/679. 8.3. Přesnost a minimalizace údajů a) Každá strana zajistí, aby osobní údaje byly přes é a v případě potřeby aktualizovány. Dovozce údajů přijme veškerá smysluplná opatření, aby zajistil, že osobní údaje, které jsou nepřesné, b dou s ohledem na účel nebo účely zpracování bezodkladně vymazány nebo opraveny. b) Pokud se jedna ze stran dozví, že osobní údaje, které předala nebo přijala, jsou nepřesné nebo zastaralé, bez zbytečného odkladu o tom informuje druhou stranu. c) Dovozce údajů zajistí, aby osobní údaje byly přiměřené, relevantní a omezené na to, co je nezb tné z hlediska účelu nebo účelů, pro které jsou zpracovávány. 8.4. Omezení uložení Dovozce údajů uchová osobní údaje pouze po dobu nezbytnou pro účel nebo účely, pro který (které) jsou zpracovávány. Přijme vhodná technická nebo organizační opat ení k zajištění dodržování této povinnosti, včetně vymazání nebo anonymizace7 údajů a všech záloh na konci doby uchovávání. 8.5. Zabezpečení zpracování a) Dovozce údajů a během předávání také vývozce údajů přijmou vhodná technická a organizační opat ení k zajištění zabezpečení osobních údajů, včetně ochrany před porušením zabezpečení vedo cím k náhodnému nebo protiprávnímu zničení, ztrátě, změně nebo neoprávněnému poskytnutí nebo zpřístupnění (dále jen „porušení zabezpečení osobních údajů“). Při posuzování vhodné úrovně zabezpečení řádně zohlední aktuální stav techniky, náklady na provedení, povahu, rozsah, kontext a účel nebo účely zpracování a rizika pro subjekt údajů spojená se zpracováním. Strany zejména zváží použití šifrování 2 This requires rendering the data anonymous in such a way that the individual is no longer identifiable by anyone, in line with recital 26 of Regulation (EU) 2016/679, and that this process is irreversible. 2 To vyžaduje anonymizaci údajů takovým způsobem, aby již nikdo nemohl být n...
Security of. PRINCIPLES
Security of processing 2 Scc Aíticlc 2®(4) or Rcg"latio⭲ (EU) 2016/679 a⭲d, wkcíc tkc co⭲tíollcí is a⭲ EU i⭲stit"tio⭲ oí bodQ, Aíticlc 29(4) or Rcg"latio⭲ (EU) 201®/1725.
Security of processing (a) The Parties shall implement appropriate technical and organisational measures to ensure the security of the data, including during transmission, and protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter “personal data breach”). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature of the personal data2, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects, and in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. (b) The data exporter shall assist the data importer in ensuring appropriate security of the data in accordance with paragraph (a). In case of a personal data breach concerning the personal data processed by the data exporter under these Clauses, the data exporter shall notify the data importer without undue delay after becoming aware of it and assist the data importer in addressing the breach. (c) The data exporter shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. 8.3
Security of processing a. The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter ‘Security Incident’). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subject. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter or the controller. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security. b. The data importer shall grant access to the data to members of its personnel only to the extent strictly necessary for the implementation, management and monitoring of the contract. It shall ensure that persons authorised to process the personal data have committed themselves to
