Advertisement
opexxx

technical and organisational measures.txt

Jun 14th, 2021
260
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.03 KB | None | 0 0
  1. The technical and organisational measures need to be described concretely and not in a generic manner.
  2.  
  3. Description of the technical and organisational security measures implemented by the processor(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, as well as the risks for the rights and freedoms of natural persons. Examples of possible measures:
  4.  
  5. Measures of pseudonymisation and encryption of personal data
  6.  
  7. Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services
  8.  
  9. Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  10.  
  11. Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing
  12.  
  13. Measures for user identification and authorisation
  14.  
  15. Measures for the protection of data during transmission
  16.  
  17. Measures for the protection of data during storage
  18.  
  19. Measures for ensuring physical security of locations at which personal data are processed
  20.  
  21. Measures for ensuring events logging
  22.  
  23. Measures for ensuring system configuration, including default configuration
  24.  
  25. Measures for internal IT and IT security governance and management
  26.  
  27. Measures for certification/assurance of processes and products
  28.  
  29. Measures for ensuring data minimisation
  30.  
  31. Measures for ensuring data quality
  32.  
  33. Measures for ensuring limited data retention
  34.  
  35. Measures for ensuring accountability
  36.  
  37. Measures for allowing data portability and ensuring erasure]
  38.  
  39. For transfers to (sub-) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller
  40.  
  41. Description of the specific technical and organisational measures to be taken by the processor to be able to provide assistance to the controller.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement