Security of. processing The level of security shall take into account that the processing may involve confidential and special catgetories of personal data (ref. Article 9 GDPR), depending of the scope of the assignment. Confidential information may be social security number, salary, bank account numbers, etc. Special categories may include trade union membership and health information (sick leaves, etc.). The data processor shall hereafter be entitled and under obligation to make decisions about the technical and organisational security measures that are to be applied to create the necessary level of data security. The data processor shall however - in any event and at a minimum - implement the following measures that have been agreed with the data controller: All systems require personal logon with password. All systems containing confidental information have muliti factor authentication logon All computers may be remotely locked and erased by IT department. All employees must annualy complete a security awareness program. Access to systems, mail, etc. via phones, pads, etc, have the same security measures as computers. Data is encrypted during transfer. There is access control at all locations, and all data centeres have a high level physical access control C.
Appears in 5 contracts
Samples: Data Processor Agreement, Data Processor Agreement, Data Processor Agreement
