Special security measures. Use of Provider's Own Systems Use of EDPR's Systems • Design and implementation of media encryption procedure • Design and implementation of an personal data anonymisation procedure where technically feasible • Design and implementation of a data access logging procedure. • Design and implementation of a communication encryption procedure. • Design and implementation of backup copy and recovery procedure. • Performance of regular independent audits (at least every 2 years) of compliance of legal requirements related to protection of personal data, including the GDPR / Independent certification of conformity with the GDPR (when certification mechanisms are available). • Adhesion to code of conduct on protection of personal data, pursuant to GDPR • Design and implementation of a procedure for secure and confidential destruction or return of data and documents (preventing any subsequent recovery and certifying non-existence of copies), when contractual relationship ends (except when obligation exists to preserve the data for an additional period, in which case the data/documents should be locked). • Adhesion to code of conduct on protection of personal data, pursuant to GDPR • Design and implementation of a procedure for secure and confidential destruction or return of data and documents (preventing any subsequent recovery and certifying non-existence of copies), when contractual relationship ends (except when obligation exists to preserve the data for an additional period, in which case the data/documents should be locked). ANNEX II
Appears in 2 contracts
Samples: Data Access Agreement, Data Access Agreement
Special security measures. Use of Provider's Own Systems Use of EDPR's Systems • Design and implementation of media encryption procedure • Design and implementation of an personal data anonymisation procedure where technically feasible • Design and implementation of a data access logging procedure. • Design and implementation of a communication encryption procedure. • Design and implementation of backup copy and recovery procedure. • Performance of regular independent audits (at least every 2 years) of compliance of legal requirements related to protection of personal data, including the GDPR / Independent certification of conformity with the GDPR (when certification mechanisms are available). • Adhesion to code of conduct on protection of personal data, pursuant to GDPR • Design and implementation of a procedure for secure and confidential destruction or return of data and documents (preventing any subsequent recovery and certifying non-existence of copies), when contractual relationship ends (except when obligation exists to preserve the data for an additional period, in which case the data/documents should be locked). • Adhesion to code of conduct on protection of personal data, pursuant to GDPR • Design and implementation of a procedure for secure and confidential destruction or return of data and documents (preventing any subsequent recovery and certifying non-existence of copies), when contractual relationship ends (except when obligation exists to preserve the data for an additional period, in which case the data/documents should be locked). ANNEX II.
Appears in 2 contracts