Common use of Special security measures Clause in Contracts

Special security measures. Use of Provider's Own Systems Use of EDPR's Systems • Design and implementation of media encryption procedure • Design and implementation of an personal data anonymisation procedure where technically feasible • Design and implementation of a data access logging procedure. • Design and implementation of a communication encryption procedure. • Design and implementation of backup copy and recovery procedure. • Performance of regular independent audits (at least every 2 years) of compliance of legal requirements related to protection of personal data, including the GDPR / Independent certification of conformity with the GDPR (when certification mechanisms are available). • Adhesion to code of conduct on protection of personal data, pursuant to GDPR • Design and implementation of a procedure for secure and confidential destruction or return of data and documents (preventing any subsequent recovery and certifying non-existence of copies), when contractual relationship ends (except when obligation exists to preserve the data for an additional period, in which case the data/documents should be locked). • Adhesion to code of conduct on protection of personal data, pursuant to GDPR • Design and implementation of a procedure for secure and confidential destruction or return of data and documents (preventing any subsequent recovery and certifying non-existence of copies), when contractual relationship ends (except when obligation exists to preserve the data for an additional period, in which case the data/documents should be locked). ANNEX II

Special security measures. Use of Provider's Own Systems Use of EDPR's Systems • Design and implementation of media encryption procedure • Design and implementation of an personal data anonymisation procedure where technically feasible • Design and implementation of a data access logging procedure. • Design and implementation of a communication encryption procedure. • Design and implementation of backup copy and recovery procedure. • Performance of regular independent audits (at least every 2 years) of compliance of legal requirements related to protection of personal data, including the GDPR / Independent certification of conformity with the GDPR (when certification mechanisms are available). • Adhesion to code of conduct on protection of personal data, pursuant to GDPR • Design and implementation of a procedure for secure and confidential destruction or return of data and documents (preventing any subsequent recovery and certifying non-existence of copies), when contractual relationship ends (except when obligation exists to preserve the data for an additional period, in which case the data/documents should be locked). • Adhesion to code of conduct on protection of personal data, pursuant to GDPR • Design and implementation of a procedure for secure and confidential destruction or return of data and documents (preventing any subsequent recovery and certifying non-existence of copies), when contractual relationship ends (except when obligation exists to preserve the data for an additional period, in which case the data/documents should be locked). ANNEX II.