GDPR COMPLIANCE IMPLEMENTATION: BEST PRACTICES

GDPR COMPLIANCE OBLIGATIONS

The General Data Protection Regulation (“GDPR”) was enacted to close the loopholes in data privacy protection that the outdated Data Protection Directive could no longer address. The GDPR imposes obligations on companies from the 28 countries of the EU and regulates the way they handle data on EU territory. Whether a business is storing, collecting or transferring data, the GDPR requires it to exercise due diligence and comply with pre-determined data protection principles and conditions for data processing:

  1. The subject has given explicit legal consent to the collection and processing of personal data for legitimate purposes only.
  2. The subject is privy to all processing activities involving their personal data.
  3. Only necessary data required for specified and explicit purposes is collected.
  4. Data is accurate and updated.
  5. Data is properly destroyed or deleted when no longer needed.
  6. Data is protected against unauthorized or unlawful processing, loss, damage or destruction.

GDPR COMPLIANCE IMPLEMENTATION STEPS

With the extensive guidance that our experience of past projects provided, Agiliway had long since developed strategies and daily operations that ensure the protection of its customers' personal data. These strategies have worked well for some time. Reviewing and updating the Agiliway privacy policy to comply with the data protection legislation enforced by the GDPR meant further reinforcing the existing strategies. To stay within the GDPR, we took special care to revisit data processing operations in the following areas:

ACCESS CONTROL OF DATA PROCESSING PREMISES

To prevent unauthorized access to the premises where data is processed, Agiliway has implemented the following protective measures:

  • Entrance to the office building is allowed only with a personal smart card that grants access to the corresponding sections of the office, while keys to project rooms are issued to employees upon fingerprint authentication. Access to the server room is restricted to authorized employees only.
  • The personalized smart card and the fingerprint record are removed when an employee leaves the company.
  • The office is locked during night hours and connected to a centralized police monitoring system. Security guards are present on the premises 24/7. Corridors, stairs, the entrance and parking lots are equipped with a video surveillance system.
  • Visitors are admitted only with the prior approval of management or HR and must be accompanied by an employee. Guests have no access to the corporate network.
