Procedures for periodic review, assessment, and evaluation

1 Data protection management

Central documentation of all procedures and regulations for data protection, with access for employees as required and authorized.
ISO 27001 certified data center.
Documented security concept.
The effectiveness of the technical protective measures is checked at least once a year.
Employees trained and committed to confidentiality/data secrecy.
Regular awareness-raising for employees.
The organization complies with the information obligations under Articles 13 and 14 GDPR.

2 Incident response management

Use of firewall and regular updating.
Use of spam filters and regular updates.
Use of virus scanners and regular updates.
Intrusion Detection System
Documented procedure for handling security incidents.

3 Data protection-friendly default settings

No more personal data is collected than is required for the respective purpose.

4 Order control

Measures to ensure that personal data processed on behalf of the Client can only be processed in accordance with the Client's instructions.
Regulation for the automated deletion of travel data, depending on the agreement with the Client; usually 2 weeks.
Order processing on the basis of written orders only.
Instructions from the Client in writing only.
The group of individuals authorized to issue and receive instructions is defined.
Obligation of the employees of the Contractor to data secrecy.
Ensuring the destruction of data after termination of the contract;