In the new digital age we face unprecedented times of wide opportunities. The Internet is just about everywhere and can be connected to just about any device, generating diverse forms of data circulation, exchange and accumulation. One can easily pay bills, share documents, make a purchase and handle multiple daily tasks without stepping outside the front door. This is how modern technology makes our lives more convenient. Yet it comes at a price. The price is our privacy. As personal data are shared online, predators feed on security flaws. Companies get infiltrated, while identities, funds and intellectual property are stolen.
GDPR COMPLIANCE OBLIGATIONS
The General Data Protection Regulation (“GDPR”) was enacted to close the loopholes in data privacy protection that the outdated Data Protection Directive could no longer close. The GDPR imposes obligations on companies from 28 countries of the EU and regulates the way they handle data on EU territory. Whether it’s storing, collecting or transferring data, the GDPR requires that businesses exercise due diligence and comply with pre-determined data protection principles and conditions for data processing.
As the GDPR states, any information related to a person (name, photo, email address, bank details, location details, medical information, or even a computer IP address and updates on social networking websites) is regarded as personal data, and its secure processing must be guaranteed.
Effective execution of personal data protection strategies is supported by the corresponding GDPR principles, which set out certain restrictions and requirements. The principles lay out responsibilities for companies to ensure that:
- The subject gave explicit legal consent to the collection and processing of personal data for no purposes other than legitimate ones.
- The subject is privy to all processing activities with their personal data.
- Only necessary data required for specified and explicit purposes is collected.
- Data is accurate and updated.
- Data is properly destroyed or deleted when no longer needed.
- Data is protected against unauthorized or unlawful processing, loss, damage or destruction.
GDPR COMPLIANCE IMPLEMENTATION STEPS
Drawing on the ample guidance that our experience of past projects provided, Agiliway had long since developed certain strategies and daily operations ensuring the protection of its customers' personal data. The strategies have worked well for some time already. Reviewing and updating the Agiliway privacy policy in compliance with the data protection legislation enforced by the GDPR meant further reinforcing the existing strategies. To stay compliant with the GDPR, we took special care to revisit data processing operations in the following areas:
ACCESS CONTROL OF DATA PROCESSING PREMISES
To prevent unauthorized access to the premises where data is processed, Agiliway has implemented the following protective measures:
- Entrance to the office building is allowed only with a personal smart card granting access to the corresponding sections of the office, while keys to project rooms are obtained by employees upon fingerprint authentication. Access to the server room is restricted to authorized employees only.
- The personalized smart card and the fingerprint record are removed when an employee leaves the company.
- The office is locked during night hours and connected to a centralized police monitoring system. Security guards are present on the premises 24/7. Corridors, stairs, the entrance and parking lots are equipped with a video surveillance system.
- Visitors are permitted only with the prior approval of management or HR and only when accompanied by an employee. Guests have no access to the corporate network.
Continue reading at https://agiliway.com/gdpr-compliance-implementation-best-practices/