Which level of security is appropriate depends on the risks that come with the specific transfers of personal data you carry out. Several factors may be taken into account when assessing the risks that are inherent to the data transfers:
To determine what constitutes as an ‘appropriate’ level of security with regard to the assessed risks, you have to take into account the state of the art and the costs of implementation in relation to the risks and the nature of the personal data to be protected. You can take, for example, the following measures:
Your organisation should be able to demonstrate which security measures have been implemented, and why these measures were chosen in light of the assessed risks. Furthermore, you have to frequently evaluate whether the implemented measures are still appropriate. You do not have to make this security policy public, but you should be able to demonstrate it if a supervisory authority requests this.
Do you want to know if the security measures you have taken are appropriate? At Legal ICT, we have extensive legal and technical knowledge and we would be pleased to advise you on suitable technical and organisational security measures. Furthermore, we can draft an internal security policy for you, and advise you on how to keep this policy up-to-date.
WOULD YOU LIKE MORE INFORMATION?
Send an e-mail to: email@example.com or call us at: +32 (0)2 535 77 55. You can also use the form below: one of our legal advisors will get back to you very soon.
A clear contract is a prerequisite for all IT projects. Legal ICT can help you draft or review your, or your client’s, IT-contracts.
You are legally required to inform your clients and visitors clearly about what privacy-sensitive data you collect and for what purpose.
Avenue Louise 65, 1000, Brussels, +32 (0)2 535 77 55, firstname.lastname@example.org