Nutanix Partner Data Processing Addendum

Last Updated: August 26, 2022

This Data Processing Addendum, including its Annexes and the Standard Contractual Clauses (collectively, the "DPA"), sets forth the parties’ obligations with respect to the processing of Personal Data by both parties in connection with Nutanix’s partner program ("Partner Program") and is incorporated into and forms part of the terms and conditions of the Partner Program Agreement or other agreement governing the partner relationship ("Agreement") entered into by and between the Nutanix contracting entity identified in the Agreement ("Nutanix") on behalf of itself and its Affiliates and the Partner identified in the Agreement ("Partner"). In the event of a conflict between the Agreement and this DPA, this DPA shall control to the extent of the conflict with respect to the processing and disclosure of any Personal Data.

1. Definitions. Any capitalized terms used but not defined in this DPA shall have the meaning set forth in the Agreement.

1.1. "Affiliate" means any entity under the control of a party where "control" means ownership of or right to control greater than 50% of the voting securities of such entity.

1.2. "Applicable Privacy Law" means all worldwide data protection and privacy laws and regulations applicable to the Personal Data in question, including, where applicable, European Data Protection Law and all laws and regulations of the United States, including the CCPA.

1.3. "CCPA" means Title 1.81.5 California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100–1798.199), including any amendments and its implementing regulations that become effective on or after the effective date of this DPA (as amended, superseded or replaced from time to time).

1.4. "Europe" means for the purposes of this DPA, the European Economic Area ("EEA") and/or their Member States, the United Kingdom ("UK") and Switzerland.

1.5. "European Data Protection Law" means (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) ("GDPR"); (ii) the GDPR as saved into UK law by virtue of section 3 of the UK's European Union (Withdrawal) Act 2018 (“UK GDPR”) and the UK Data Protection Act 2018 (collectively, "UK Privacy Law"); (iii) the Swiss Federal Data Protection Act of 19 June 1992 or the Swiss Federal Data Protection Act of 25 September 2020 when in full force and effect, as applicable, and its corresponding ordinances ("Swiss DPA"); (iv) the e-Privacy Directive (Directive 2002/58/EC); (v) any applicable data protection laws made under or pursuant to or that apply in conjunction with (i), (ii), (iii) or (iv) (in each case, as may be amended, superseded or replaced from time to time).

1.6. "Personal Data" means any data that is protected as "personal data" or "personal information" (or other analogous variation) under Applicable Privacy Law and that is exchanged by the parties in order to perform the Agreement, including: (a) the Personal Data Partner may receive from Nutanix ("Nutanix Data"); (b) the Personal Data Nutanix may receive from Partner ("Partner Data") and as more particularly described in Annex 1 of this DPA.

1.7. "Restricted Transfer" means: a transfer (directly or via onward transfer) of Personal Data that is subject to European Data Protection Law to a country outside Europe (or other exporting country with similar transfer restrictions) which is not subject to an adequacy determination by the applicable data protection authority of the exporting country (i.e. European Commission, United Kingdom or Swiss authorities, etc.).

1.8. "Security Incident" means a data breach or any unauthorized access or breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, any Personal Data.

1.9. "Standard Contractual Clauses" or "SCCs" means (i) the standard contractual clauses for the transfer of Personal Data to third countries adopted by the European Commission in its Implementing Decision (EU) 2021/91 of 4 June 2021; and (ii) where the Swiss DPA applies, the applicable standard data protection clauses issued, approved or recognized by the Swiss Federal Data Protection and Information Commissioner (the "Swiss SCCs").

1.10. "Term" means (i) the term of the Agreement, and (ii) any period after the termination or expiry of the Agreement during which the parties process Personal Data, until the corresponding party has deleted, destroyed or returned such Personal Data in accordance with the terms of the Agreement, including this DPA.

1.11. "UK Addendum" means the "UK Addendum to the EU Standard Contractual Clauses" issued by the Information Commissioner's Office under s. 119A(1) of the UK Data Protection Act 2018.

1.12. The terms "controller", "data subject", "supervisory authority", "processor", "personal data breach" and "processing" shall have the meaning given to them under Applicable Privacy Law and "process", "processes" and "processed" shall be interpreted accordingly and the terms "business", "consumer", "sale" (including the terms "sell", "selling", "sold" and other variations thereof) and "service provider" shall have the meaning given to them in the CCPA for all US Personal Data.

2. Scope and Applicability of this DPA.

2.1. Scope. This DPA applies where and only to the extent that either party processes Personal Data that is subject to Applicable Privacy Law in connection with the Partner Program pursuant to the Agreement.

2.2. Relationship of the Parties. The parties acknowledge and agree that pursuant to the Agreement (including this DPA), each party may receive Personal Data from the other party described in Annex 1 for processing. The parties acknowledge and agree that each party is a controller or a business (as applicable) of the Personal Data it discloses to the other party and that each party will process Personal Data received from the other party as an independent controller or a business (as applicable) in accordance with and as permitted by this Agreement. In no event will the parties process the Personal Data as joint controllers.

3. Data Protection Obligations.

3.1. Compliance with law. Each party agrees that it will process any Personal Data it receives from the other party in accordance with Applicable Privacy Law and this DPA, and neither party shall be responsible for the other party's compliance with Applicable Privacy Law. In particular, each party shall be individually responsible for ensuring that its processing of the Personal Data is lawful, fair and transparent, and shall make available to data subjects a privacy statement that fulfils the requirements of Applicable Privacy Law. Each party shall be responsible for complying with all requirements under Applicable Privacy Law in order to disclose the Personal Data to the other party to process such Personal Data for the purposes described in Annex 1 ("Permitted Purposes").

4. Assistance and Cooperation.

4.1. Correspondence. The parties shall, on request, provide each other with all commercially reasonable and timely assistance and cooperation (at their own expense) to enable the other party to comply with its obligations under Applicable Privacy Law, including where applicable in order to enable the other party to respond to: (i) any request from a data subject to exercise any of its rights under Applicable Privacy Law (including its rights of access, correction, objection, erasure, data portability, and right to opt-out from the sale of their personal information as applicable) in relation to the Personal Data processed hereunder; and (ii) any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the Personal Data hereunder (collectively "Correspondence").

4.2. Data subject requests. Each party shall promptly inform the other if it receives any Correspondence directly from a data subject in connection with the processing of the Personal Data, where the Correspondence relates to the processing conducted by the other party.

5. Security.

5.1. Security Measures. Each party shall implement and maintain appropriate technical and organizational security measures designed to protect the Personal Data from Security Incidents and to preserve the security and confidentiality of the Personal Data. Such measures will include, at minimum, those measures described in Annex 2 of this DPA ("Security Measures"). Partner shall ensure that any person who is authorized by Partner to process Nutanix Data shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty). Nutanix shall ensure that any person who is authorized by Nutanix to process Partner Data shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).

5.2. Updates to Security Measures. Both parties acknowledge that the Security Measures are subject to technical progress and development and that each party may update and/or modify the Security Measures from time to time, provided that such updates and/or modifications do not result in the degradation of the overall security of the Personal Data exchanged between the parties and continue to exceed the measures described in Annex 2.

5.3. Security Incident Response. Upon becoming aware of a Security Incident affecting the Personal Data received from the other party, each party shall inform the other party without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by the other party.

6. International Data Transfers.

6.1. Lawful transfer. Each party shall take all such measures as are necessary to ensure that the processing or transfer (directly or via onward transfer) of the Personal Data in or to a territory other than the territory in which the Personal Data was first collected is in compliance with Applicable Privacy Law.

6.2. Transfers relating to EEA residents. To the extent the parties receive, process, or transfer Personal Data subject to the GDPR and such transfer is a Restricted Transfer, each party agrees to process and transfer such Personal Data in compliance with the SCCs, which are incorporated herein in full by reference and form an integral part of this DPA, or any other lawful alternative data export solution ("Alternative Transfer Mechanism"). The parties agree that for the purposes of the SCCs (i) the Module One terms shall apply, (ii) in Clause 7, the optional docking clause shall apply; (iii) in Clause 11, the optional language shall be deleted; (iv) in Clause 17, Option 1 shall apply and the SCCs shall be governed by the laws of the Netherlands; (v) in Clause 18(b), disputes shall be resolved before the courts of the Netherlands; (vi) Annex I and Annex II of the SCCs shall be deemed completed with the information set out in Annex 1 and Annex 2 of this DPA respectively.

6.3. Transfers relating to the UK. To the extent the parties receive, process, or transfer Personal Data subject to UK Privacy Law and such transfer is a Restricted Transfer, the parties agree to process such Personal Data in compliance with the SCCs as implemented under Section 6.2 of this DPA with the following modifications: (i) the SCCs shall be deemed amended as specified by Part 2 of the UK Addendum; (ii) Tables 1 to 3 in Part 1 of the UK Addendum shall be deemed completed respectively with the information set out in Annexes 1 and 2 of this DPA; and (iii) Table 4 in Part 1 of the UK Addendum shall be deemed completed by selecting “neither party.”

6.4. Transfers relating to Switzerland, Brazil, and Other Similar Jurisdictions. To the extent the Personal Data is subject to the Swiss DPA, Brazil’s General Personal Data Protection Law 13709/2018, or other similar Applicable Privacy Law in jurisdictions that impose similar safeguards for transfers of Personal Data, and which constitute Restricted Transfers, the parties shall take all such measures as are necessary to ensure the Restricted Transfer is in compliance with Applicable Privacy Law and the DPA. The parties agree that, when the transfer of Personal Data to the other party is a Restricted Transfer, to process such Personal Data in compliance with the SCCs, which are incorporated herein with the following modifications (as applicable): (i) references to "Regulation (EU) 2016/679" shall be interpreted as references to Applicable Privacy Law; (ii) references to specific Articles of "Regulation (EU) 2016/679" shall be replaced with the equivalent article or section of Applicable Privacy Law; (iii) references to "EU", "Union", "Member State" and "Member State law" shall be replaced with references to the country where the data exporter is established; (iv) the term "member state" shall not be interpreted in such a way as to exclude data subjects from the possibility of suing for their rights in their place of habitual residence (i.e., Switzerland, Brazil or other applicable country); (v) Clause 13(a) and Part C of Annex II shall not be used; (vi) references to the "competent supervisory authority" and “competent courts” shall refer to the data protection authority and applicable courts governing the country where the data exporter is established; (vii) in Clause 17, the SCCs shall be governed by the laws of the applicable country where the data exporter is established; and (viii) in Clause 18(b), disputes shall be resolved by the applicable courts where the data exporter is established.
With respect to Restricted Transfers to which the Swiss DPA applies, the Swiss SCCs also protect the data of legal entities until the entry into force of the revised Swiss Federal Data Protection Act of 25 September 2020.

6.5. Cooperation regarding Additional Measures and Alternate Data Transfer Mechanisms: In the event that Applicable Privacy Law and/or a supervisory authority with binding authority orders (for whatever reason) or court of competent jurisdiction requires the parties to adopt additional measures ("Additional Measures") or an Alternative Transfer Mechanism to lawfully conduct a Restricted Transfer or otherwise process Personal Data, both parties agree to cooperate in good faith to implement any mutually-agreed upon Additional Measures or Alternative Transfer Mechanism that may be required (but only to the extent such Additional Measures or Alternative Transfer Mechanism extend to the territories to which Personal Data is transferred). If the parties are unable to agree upon Additional Measures or Alternative Transfer Mechanism, any of the parties may terminate the Agreement without liability.

7. Subpoenas and Court Orders. Neither party shall voluntarily provide government agencies or authorities (including law enforcement) with access to the Personal Data it receives from the other party. If the receiving party receives a compulsory request (whether through a subpoena, court order, search warrant, or other valid legal process) from any government agency or authority (including law enforcement) for access to the Personal Data it has received from the disclosing party, it shall: (i) attempt to redirect the agency to request the Personal Data directly from the disclosing party; and (ii) notify the disclosing party of the request prior to making any disclosure to allow the disclosing party an opportunity to seek a protective order or other appropriate remedy. As part of this effort, the receiving party may provide the disclosing party’s primary and billing contact information to the agency. Neither party shall be required to comply with this Section 7 if it is legally prohibited from doing so, or it has a reasonable and good-faith belief that urgent access is necessary to prevent an imminent risk of serious harm to any individual, public safety, or its property, product or services.

8. Subcontracting. Each party may, at its sole discretion, appoint third party processors or service providers (as applicable) to process the Personal Data it receives from the disclosing party for the Permitted Purposes, provided that such processors or service providers (as applicable) implement appropriate technical and organizational security measures to protect the Personal Data received against a Security Incident and otherwise provide sufficient guarantees that they will process the Personal Data in a manner that will meet the requirements of Applicable Privacy Law and that will not cause either party to breach applicable laws or breach its obligations under the Agreement. The processors’ or service providers’ (as applicable) technical and organizational security measures shall provide a level of protection, at minimum, equivalent to the Security Measures described in Annex 2 of this DPA.

9. Miscellaneous.

9.1. Disclosures. The parties acknowledge that each party may disclose this DPA (including the SCCs) and any relevant privacy provisions in the Agreement to the U.S. Department of Commerce, the Federal Trade Commission, a European data protection authority or any other U.S. or European judicial or regulatory body upon their request.

9.2. Conflicts. Except for the changes made by this DPA, the Agreement remains unchanged and in full force and effect. If and to the extent there is any conflict between any provision in this DPA and any provision in the Agreement, this DPA controls and takes precedence. If and to the extent the SCCs conflict with any provision of this DPA, the SCCs control and take precedence. 

9.3. Modifications. Notwithstanding anything to the contrary in the Agreement, Nutanix may periodically make modifications to this DPA as may be required to comply with Applicable Privacy Law.

9.4. Claims. Any claims brought under or in connection with this DPA shall be subject to the terms and conditions, including but not limited to, the exclusions and limitations set forth in the Agreement. Accordingly, any reference in the Agreement to the liability of a party means the aggregate liability of that party and all of its Affiliates under and in connection with the Agreement and this DPA together. Notwithstanding the foregoing, in no event shall any party limit its liability with respect to any data subject rights or any competent supervisory authority under the SCCs.

9.5. Severability. If any provision or part-provision of this DPA is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of the DPA.

9.6. Governing Law. This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by Applicable Privacy Law or the SCCs.

Annex 1

Description of Processing Activities / Transfer

TRANSFER OF NUTANIX DATA

(A) List of Parties:

Data Exporter

Name: Nutanix

Contact person's name, position and contact details: Legal Department, privacy@nutanix.com

Activities relevant to the transfer: See (B) Description of Transfer below

Role: Controller

Data Importer

Name: Partner is the party identified as the Partner in the Agreement and this DPA.

Contact person's name, position and contact details: As identified in the Agreement and this DPA.

Activities relevant to the transfer: See (B) Description of Transfer below

Role: Controller

(B) Description of transfer:

Categories of data subjects:

  • Customers of Nutanix - past, present, potential and future customers of Nutanix.
  • Customer Contacts - past, present, potential and future subscribers and other contacts of Nutanix customers.
  • Other Contacts - past, present, potential and future prospects, customers, business partners and vendors of Nutanix's customers.
  • Nutanix Employees - past and present employees of Nutanix.

Categories of personal data:

Contact details such as:
  • Name,
  • Professional email addresses,
  • Professional telephone number(s),
  • Professional mailing address,
  • Employer,
  • Title.

Sensitive data:

The parties do not intend to disclose special categories of data.

If sensitive data, the applied restrictions or safeguards[1]

Not Applicable

Frequency of the transfer:

Continuous

Purpose, nature and subject matter of processing:

Nutanix Data is processed solely as necessary to facilitate the marketing, sale, and delivery of Nutanix Products. Nutanix Data processed will be subject to the processing activities described in the Agreement and as strictly necessary to facilitate the marketing, sale, and delivery of Nutanix Products in accordance with the Agreement and/or as otherwise agreed by the parties.

Retention period (or, if not possible to determine, the criteria used to determine that period):

Nutanix Data will be processed and retained for the Term.

(C) Competent Supervisory Authority:

The competent supervisory authority will be determined in accordance with Applicable Privacy Law.

TRANSFER OF PARTNER DATA

(A) List of Parties:

Data Exporter

Name: Partner is the party identified as the Partner in the Agreement and this DPA.

Contact person's name, position and contact details: As identified in the Agreement and this DPA.

Activities relevant to the transfer: See (B) Description of Transfer below

Role: Controller

Data Importer

Name: Nutanix

Contact person's name, position and contact details: Legal Department, privacy@nutanix.com

Activities relevant to the transfer: See (B) Description of Transfer below

Role: Controller

(B) Description of transfer:

Categories of data subjects:

  • Customers of Partner - past, present, potential and future customers of Partner.
  • Customer Contacts - past, present, potential and future subscribers and other contacts of Partner customers.
  • Other Contacts – past, present, potential and future prospects, customers, business partners and vendors of Partner's customers.
  • Partner Employees - past and present employees of Partner.

Categories of personal data:

Contact details such as:

  • Name,
  • Professional email addresses,
  • Professional telephone number(s),
  • Professional mailing address,
  • Employer,
  • Title.

Sensitive data:

The parties do not intend to disclose special categories of data.

If sensitive data, the applied restrictions or safeguards[2]

Not Applicable

Frequency of the transfer:

Continuous

Purpose, nature and subject matter of processing:

Partner Data is processed to allow contact with the individuals whose contact details are shared for Nutanix's marketing purposes. Partner Data processed will be subject to the processing activities described in the Agreement and as strictly necessary to facilitate the marketing and sale of Nutanix Products in accordance with the Agreement and/or as otherwise agreed by the parties.

Retention period (or, if not possible to determine, the criteria used to determine that period):

Partner Data will be processed and retained for the Term.

(C) Competent Supervisory Authority:

The competent supervisory authority will be determined in accordance with Applicable Privacy Law.

Annex 2

Technical and Organizational Measures

Partner and Nutanix shall implement and maintain the following minimum technical and organizational measures (including any relevant certifications) to ensure an appropriate level of security taking into account the nature, scope, context and purposes of the processing, and the risks for the rights and freedoms of natural persons:

Type of measure / Implemented measure

1. Measures of encryption of Personal Data

  • Encryption of Personal Data while at rest and in transit consistent with industry standards and at a minimum of 256-bit encryption.

2. Measures for ensuring ongoing confidentiality, integrity and resilience of processing systems and services

  • Ensure employees are required to sign a confidentiality agreement when accepting a new hire offer and contractors who access the facilities and/or Personal Data are required to sign a confidentiality or non-disclosure agreement.
  • Implement and maintain security and privacy awareness training for all employees regarding the handling and securing of confidential information and Personal Data consistent with applicable law (including Applicable Privacy Law).
  • Remote access to systems must utilize secure applications. Access to remote resources must be authenticated using multiple authentication factors (MFA).
  • Identify appropriately defined organizational roles for security and incident response.
  • Include appropriate controls addressing (A) critical asset identification and asset management; (B) access controls and management; (C) physical and environmental security; (D) communications and operations security and management; (E) systems acquisition, development, and maintenance; (F) third-party risk management; (G) configuration and change management for software systems; (H) incident response, planning, and management, including appropriate maintenance, monitoring and analysis of audit logs; and (I) business continuity management and contingency planning/redundancy.
  • Proper user authentication for all employees and contractors with access to Personal Data, including, without limitation, by assigning each employee/contractor unique access credentials for access to any system on which Personal Data can be accessed and prohibiting employees/contractors from sharing such access credentials.
  • Restrict and track access to Personal Data by only those employees/contractors whose access is necessary to performing the services and implement and maintain logging and monitoring technology to help detect and prevent unauthorized access attempts to networks and production systems.
  • Conduct periodic reviews of changes affecting systems’ handling authentication, authorization, and auditing; and privileged access to production systems.
  • Upon termination of any employee/contractor, ensure the terminated employee/contractor’s access to any Personal Data on each party’s systems will be immediately revoked.
  • If Partner or any authorized person is granted access to or connects to any computing system, network, platform, facilities or telecommunications or other information system (the "Systems") owned, controlled, or operated by or on behalf of Nutanix or any of its Affiliates, then Partner and any applicable authorized person will be subject to and shall comply with all then-current Nutanix policies, including without limitation, all security, privacy, safety, environmental, information technology, legal and business conduct policies. Any such access or connection to the Systems is strictly for the purpose of Partner's performance of and in accordance with the Agreement and this DPA. Partner agrees that Nutanix may perform periodic network assessments, and should any such assessment reveal inadequate security by Partner, Nutanix, in addition to other remedies it may have, may suspend Partner's access to the Systems until such security issue has been eliminated.

3. Measures for ensuring the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident

  • Maintain internal practices, plans or procedures that are designed to reasonably ensure each party’s products and services are uninterrupted during the Term.
  • Maintain: (i) periodic backups (including backup encryption) of production file systems and databases according to a defined schedule; and (ii) a formal disaster recovery plan for the production data center and conduct regular testing on the effectiveness of such plan.

4. Processes for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures in order to ensure the security of the processing

  • See Section 5 of the DPA.
  • Regularly conduct internal security audits and contract annually for external security assessments and penetration tests of each party’s systems including, without limitation, cloud architecture, business processes and procedures, access controls and encryption measures.
  • Implement and maintain a risk assessment program to help identify foreseeable internal and external risks to each party’s information resources and determine if existing controls, policies, and procedures are adequate.

5. Measures for user identification and authorization

  • Proper user authentication for all employees and contractors with access to Personal Data, including, without limitation, by assigning each employee/contractor unique access credentials for access to any system on which Personal Data can be accessed and prohibiting employees/contractors from sharing such access credentials.
  • See Section 2 above for requirements on access restrictions and tracking.
  • Conduct periodic reviews of changes affecting systems’ handling authentication, authorization, and auditing; and privileged access to production systems.

6. Measures for the protection of Personal Data during storage

  • See Section 1 above for requirements on encryption at rest.
  • Multifactor authentication is enabled for user access to the production environment.
  • Not store Personal Data on any removable storage devices, excluding industry-standard tape backups for disaster recovery / business continuity purposes.

7. Measures for ensuring physical security of locations at which Personal Data are processed

  • Establish limits on physical access to information systems and facilities using physical controls (e.g., coded badge access) that provide reasonable assurance that access to data centers is limited to authorized individuals.
  • Install camera or video surveillance systems at critical internal and external entry points.
  • All access logs and cameras shall be monitored 24x7. Alerts to unauthorized access or activities are responded to immediately by a designated incident response team. Record retention shall be maintained for 6 months if permitted under applicable law.

8. Measures for ensuring events logging

  • All activities impacting Personal Data, the management of this Personal Data, and changes to access shall be logged and reviewed on a regular schedule for unauthorized access or activities. These logs shall be securely stored and processed by a security event and incident management system, which shall be configured to alert for suspicious or unauthorized activities 24x7. A designated team shall be responsible to manage and monitor these systems and logs.

9. Measures for ensuring system configuration, including default configuration

  • Implement and maintain policies and procedures for managing changes to production systems, applications and databases, including without limitation, processes for documenting testing and approval of changes into production, security patching, and authentication.

10. Measures for internal IT and IT security governance and management

  • Maintain and implement security policies and procedures designed to ensure employees and contractors process Personal Data in accordance with the Standard Contractual Clauses, this DPA and Applicable Privacy Laws. 
  • Implement and enforce disciplinary measures against employees and contractors for failure to abide by its security policies and procedures.

11. Measures for certification/assurance of processes and products

  • See Section 4 above for requirements on certifications.
  • All information security roles and responsibilities are defined and allocated. Minimization of opportunities for unauthorized or unintentional modification or misuse of assets and Personal Data.

12. Measures for ensuring data minimization and accountability

  • See Annex 1 of the DPA
  • Security measures are in place to provide only the minimum amount of access necessary to perform required functions.
  • Data retention time limits restricted.

13. Measures for ensuring data quality

  • See Section 4 of the DPA for requirements relating to the exercise of data subject rights.
  • Development environments are protected from malicious or accidental development and update of code that may create vulnerabilities or compromise confidentiality, integrity, and availability of Personal Data.

14. Measures for ensuring limited data retention

  • See Annex 1 of the DPA.

15. Measures for allowing data portability and ensuring erasure

  • See Section 4 of the DPA.

[1] Such restrictions or safeguards must fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff who have followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

[2] Such restrictions or safeguards must fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff who have followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.