Which level of security is appropriate depends on the risks that come with the specific transfers of personal data you carry out. Several factors may be taken into account when assessing the risks that are inherent to the data transfers:
To determine what constitutes as an ‘appropriate’ level of security with regard to the assessed risks, you have to take into account the state of the art and the costs of implementation in relation to the risks and the nature of the personal data to be protected. You can take, for example, the following measures:
Your organisation should be able to demonstrate which security measures have been implemented, and why these measures were chosen in light of the assessed risks. Furthermore, you have to frequently evaluate whether the implemented measures are still appropriate. You do not have to make this security policy public, but you should be able to demonstrate it if a supervisory authority requests this.
Do you want to know if the security measures you have taken are appropriate? At Legal ICT, we have extensive legal and technical knowledge and we would be pleased to advise you on suitable technical and organisational security measures. Furthermore, we can draft an internal security policy for you, and advise you on how to keep this policy up-to-date.
WOULD YOU LIKE MORE INFORMATION?
Send an e-mail to: email@example.com or call us at: +32 (0)2 535 77 55. You can also use the form below: one of our legal advisors will get back to you very soon.
Now that the UK Parliament has rejected the withdrawal agreement which was prepared by the UK Government and the EU institutions, questions are mounting about what to expect now and which preparations may be in order. Does your organisation need legal advice on Brexit?
Are you planning to work with another business?
Avenue Louise 65, 1050, Brussels, +32 (0)2 808 17 41, firstname.lastname@example.org