GDPR Compliance Audit

Basics

In essence, GDPR is a strict data privacy code that holds companies responsible for securing the data they store and process.

Securing primary systems is one thing; we all know the cybersecurity clichés about endpoints and perimeters. GDPR, however, is focused solely on data, which means that any surface over which that data passes must be protected from exposure, even when it is in the hands of a vendor. Vendors in this sense include both managed services, such as outsourced IT, and hosted services, such as cloud servers and storage. The enterprise technology ecosystem has evolved into a complex interrelationship of hosted and managed services alongside traditional on-premise network and data center architectures; all of these must be factored into GDPR compliance (source: upguard.com).

Addressing risks in GDPR

If your business operates in the EU and you choose a software development vendor, you want to be sure that the vendor will share responsibility for the security of your users' data.

At 4irelabs we take GDPR risks into account, and we have a process that guarantees technical and organizational data-security measures are applied throughout our development and operational processes.

During development we make sure that users' personal data is encrypted and handled as follows:

  • No passwords stored in plain text

  • No unencrypted documents stored in the infrastructure

  • We provide on-demand reports on what personal data is stored and where it is stored

  • We ensure that the right to be forgotten is honoured

  • We give you a report of which database rows and which documents on hard drives and in cloud storage are deleted when a user requests erasure

  • We control how our developers access data on the infrastructure by using advanced logging and auditing tools

When you need to host important data (e.g. legal documents), we can use additional instruments that provide advanced logging and security, such as AWS KMS or GCP KMS. We can also maintain such systems on your on-premise infrastructure.

Access to data

All our developers with access to the infrastructure, the production database or cloud storage buckets use two-factor authentication. Every encryption and decryption of personal data is recorded in dedicated logging tools that you can audit.

Security audits

We're open to external security audits and take responsibility for fixing any critical security issues that are found.

Communication of a personal data breach to the data subject

If a security breach is found, the 4ire labs team fixes the issue as soon as possible, within no more than 1 week, and notifies all users whose data is affected.

Conclusion

At first, GDPR compliance may seem scary, but with an experienced vendor you can trust, you can turn it into a real competitive advantage for your business.

For more information, please contact our sales department.