Taking into account the state of the art, the costs of implementation and the nature, scope, context and
purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural
persons, Data Processor shall in relation to the Client Personal Data implement appropriate technical and
organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the
measures referred to in Article 32(1) of the GDPR.