☐, the processor must take appropriate measures to ensure the security of the processing; Under the GDPR, a controller can be held liable for a data breach, even if it occurred on the part of the processor. Therefore, it is in the best interest of both parties to ensure that the processor has the necessary bandwidth to protect all data transmitted by the controller to them. The lower the risks, the better. However, in the event of a breach, the processor should be able to take immediate steps to minimise its impact. You acknowledge that the Subscription Service is hosted by our data center partners who maintain independently validated security programs (including SOC 2 and ISO 27001) and that our systems are regularly tested by independent third parties for penetration testing. And since the implementation of the GDPR, these “data processing clauses” have necessarily become a little longer than before. HAVE agreed on the following contractual clauses (the clauses) in order to provide adequate safeguards with regard to the protection of privacy and the fundamental rights and freedoms of natural persons for the transfer of the personal data referred to in Annex 1 by the data exporter to the data importer. . . .