GDPR COMPLIANCE IMPLEMENTATION: BEST PRACTICES

The new digital age offers unprecedented opportunities. The Internet is almost everywhere and can be connected to almost any device, generating diverse forms of data circulation, exchange and accumulation. One can easily pay bills, share documents, make a purchase and handle many daily tasks without leaving home. This is how modern technology makes our lives more convenient. Yet it comes at a price: our privacy. As personal data are shared online, predators feed on security flaws. Companies get infiltrated, while identities, funds and intellectual property are stolen.

GDPR COMPLIANCE OBLIGATIONS

The General Data Protection Regulation (“GDPR”) was enacted to close the loopholes in data privacy protection that the outdated Data Protection Directive could no longer tighten. The GDPR imposes obligations on companies from 28 countries of the EU and regulates the way they handle data on EU territory. Whether it’s storing, collecting or transferring data, the GDPR requires that businesses exercise due diligence and comply with predetermined data protection principles and conditions for data processing.

Under the GDPR, any information related to a person (name, photo, email address, bank details, location details, medical information, or even a computer IP address and updates on social networking websites) is regarded as personal data, and its secure processing must be ensured.

Effective execution of personal data protection strategies is supported by the corresponding GDPR principles, which set out certain restrictions and requirements. The principles lay out responsibilities for companies to ensure:

  1. The subject gave explicit legal consent to the collection and processing of personal data for legitimate purposes only.

GDPR COMPLIANCE IMPLEMENTATION STEPS

Guided by extensive experience from past projects, Agiliway had long since developed strategies and daily operations that ensure the protection of its customers' personal data. These strategies have worked well for some time. Reviewing and updating the Agiliway privacy policy to comply with the data protection legislation enforced by the GDPR meant further reinforcing the existing strategies. To stay within the GDPR, we took special care to revisit data processing operations in the following areas:

ACCESS CONTROL OF DATA PROCESSING PREMISES

To prevent unauthorized access to the premises where data is processed, Agiliway has implemented specific protective measures:

  • Entrance to the office building is allowed only with a personal smart card granting access to the corresponding sections of the office, while keys to project rooms are issued to employees upon fingerprint authentication. Access to the server room is restricted to authorized employees only.

Continue reading at https://agiliway.com/gdpr-compliance-implementation-best-practices/
