5. Security of processing

  1. The Data Processor shall take all the measures required pursuant to Article 32 of the General Data
    Protection Regulation which stipulates that with consideration for the current level,
    implementation costs and the nature, scope, context and purposes of processing and the risk of
    varying likelihood and severity for the rights and freedoms of natural persons, the Data Controller
    and Processor shall implement appropriate technical and organisational measures to ensure a
    level of security appropriate to the risk.

  2. The above obligation means that the Data Processor shall perform a risk assessment and
    thereafter implement measures to counter the identified risk. Depending on their relevance, the
    measures may include the following:

    1. Pseudonymisation and encryption of personal data.

    2. The ability to ensure ongoing confidentiality, integrity, availability and resilience of
      processing systems and services.

    3. The ability to restore the availability and access to personal data in a timely manner
      in the event of a physical or technical incident.

    4. A process for regularly testing, assessing and evaluating the effectiveness of technical
      and organisational measures for ensuring the security of the processing.

  3. The Data Processor shall in ensuring the above – in all cases – at a minimum implement the level
    of security and the measures specified in Appendix C to this Data Processing Agreement.

  4. The Parties’ possible regulation/agreement on remuneration etc. for the Data Controller’s or the
    Data Processor’s subsequent requirement for establishing additional security measures shall be
    specified in the Parties’ ‘Master Agreement’.
