Supervision by the controller in the processing of personal data by the processor regarding security measures
Frequency of inspections of the security measures made by the processor
The frequency of the inspections of the processor depends on the risk assessment.
If the risk is high, the processing company's security measures may need to be reviewed annually or even every six months. This depends on the situation and must be evaluated at all times.
If the risk has been assessed as low, it is sufficient to carry out the checks less often.
If the work is done in an evolving and rapidly changing environment, the checks need to be more frequent in accordance with the changes.
