Security of GDPR Register

GDPR Register treats security as a core requirement of the service and continuously improves its security features and controls.

INFRASTRUCTURE COMPLIANCE

The GDPR Register application service (https://app.gdprregister.eu) is operated on Amazon Web Services (AWS) infrastructure in the EU-Central region (Frankfurt, Germany) and the EU-West region (Dublin, Ireland). The AWS infrastructure is audited and certified against industry standards and frameworks, including:

ISO 27001, ISO 9001, ISO 27017, ISO 27018
PCI DSS Level 1
SOC 1, SOC 2, SOC 3
HIPAA, GDPR, FedRAMP, FIPS and more.

The full list of AWS certifications, regulations and frameworks is located here:
https://aws.amazon.com/compliance/programs

These attestations cover the infrastructure that AWS operates. Under the AWS shared responsibility model, the application, its configuration and the customer data it holds remain the responsibility of GDPR Register; the controls for that layer are described in the sections below.

DATA CENTER SECURITY

AWS data centers are secure by design, and a large set of controls makes that possible. They combine state-of-the-art physical and environmental access controls with safety features, including:

24/7 professional security staff, video surveillance and intrusion detection systems.
Fire detection and suppression, redundant electrical power systems and uninterruptible power supplies (UPS).

Full list of controls in AWS data centers:
https://aws.amazon.com/compliance/data-center/controls

AUTHENTICATION

In addition to the username and password, GDPR Register uses two-factor authentication tied to the user's mobile phone. During login, a one-time password is either sent by SMS to the user's registered phone number or generated in the Authy mobile application. Of the two, the application-based option is the stronger: SMS codes can be intercepted or redirected through SIM-swap fraud, so accounts that manage sensitive registers should prefer the Authy application.

DATA COMMUNICATIONS SECURITY

All connections to the GDPR Register service use TLS 1.2. The service certificate carries a 2048-bit RSA key and is signed with SHA256withRSA. The RSA key authenticates the server during the handshake; the application data itself is encrypted with the symmetric cipher suite negotiated in that handshake, not with the RSA key directly.

AUDITING

GDPR Register provides an audit trail that logs every user login and every user transaction, that is, the creation, modification or deletion of any record in the system.
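As an added illustration (not GDPR Register's implementation) of what such a trail records and how it can be made tamper-evident, the following hash-chains each event (login, create, modify, delete) to the entry before it, so that editing or removing an earlier entry is detectable when the chain is verified. The field names, user names and sample events are constructed for this example.

```python
# Added example (not GDPR Register's code): a hash-chained audit trail that records
# the events the page lists (logins and create/modify/delete transactions) and can
# detect later tampering with, or removal of, entries. Field names and the sample
# events below are constructed for this illustration.
import hashlib
import json

GENESIS_HASH = "0" * 64  # prev_hash of the first entry
ACTIONS = ("login", "create", "modify", "delete")


class AuditTrail:
    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(entry: dict) -> str:
        """SHA-256 over a canonical JSON encoding of everything except the hash itself."""
        body = {k: v for k, v in entry.items() if k != "hash"}
        data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hashlib.sha256(data).hexdigest()

    def record(self, at: str, user: str, action: str, record_type: str,
               record_id: str, detail: str = "") -> dict:
        """Append one event; each entry commits to the hash of the one before it."""
        if action not in ACTIONS:
            raise ValueError(f"unknown audit action: {action}")
        entry = {
            "seq": len(self.entries) + 1,
            "at": at,
            "user": user,
            "action": action,
            "record_type": record_type,
            "record_id": record_id,
            "detail": detail,
            "prev_hash": self.entries[-1]["hash"] if self.entries else GENESIS_HASH,
        }
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry

    def head(self) -> str:
        """Latest hash; anchor this outside the log (signed, or in write-once storage)."""
        return self.entries[-1]["hash"] if self.entries else GENESIS_HASH

    def verify(self) -> int:
        """Return 0 if the chain is intact, else the sequence number of the first bad entry."""
        prev = GENESIS_HASH
        for expected_seq, entry in enumerate(self.entries, start=1):
            if (entry["seq"] != expected_seq
                    or entry["prev_hash"] != prev
                    or entry["hash"] != self._digest(entry)):
                return expected_seq
            prev = entry["hash"]
        return 0


def build_sample_trail() -> AuditTrail:
    """Constructed sample events; timestamps are fixed so the chain is reproducible."""
    trail = AuditTrail()
    trail.record("2019-03-01T08:00:00Z", "alice@example.com", "login", "session", "-", "2FA ok")
    trail.record("2019-03-01T08:02:10Z", "alice@example.com", "create", "processing_activity", "PA-17")
    trail.record("2019-03-01T08:05:42Z", "alice@example.com", "modify", "processing_activity", "PA-17",
                 "retention 24m -> 36m")
    trail.record("2019-03-01T08:09:03Z", "bob@example.com", "delete", "data_subject_request", "DSR-4")
    return trail


if __name__ == "__main__":
    trail = build_sample_trail()
    print("intact:", trail.verify())                       # 0
    trail.entries[2]["detail"] = "retention 24m -> 12m"    # edit an entry after the fact
    print("first bad entry:", trail.verify())              # 3
```

Chaining detects changes to any entry except the newest, which someone with write access to the log could edit and re-hash; for the check to be complete, the value returned by head() has to be anchored outside the log, for example signed at intervals or copied to write-once storage, and compared against it during verification.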

RELIABILITY AND BACKUPS

To provide a highly available service, GDPR Register uses AWS Elastic Load Balancing (ELB) to distribute traffic across multiple application servers, whose number is adjusted according to system load. The database runs on AWS RDS, with regular automated backups replicated to multiple AWS regions to prevent data loss.

SECURE DEVELOPMENT STANDARDS

GDPR Register follows the OWASP Top 10 Most Critical Web Application Security Risks as the baseline for its security-by-design practices. The list is located here:
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

SUBSCRIPTION BILLING

GDPR Register uses Chargebee (www.chargebee.com) as its subscription billing service provider for managing customer billing. Chargebee is a PCI Data Security Standard (PCI DSS) Level 1 service provider.

The full overview of Chargebee's certifications and security controls is available here:
https://www.chargebee.com/security

VULNERABILITY SCANNING AND PATCHING

Third-party software and services are checked for updates on a regular schedule and patched accordingly; when a vulnerability affecting them is disclosed, the fix is applied as soon as it is available. In addition, periodic vulnerability scans of the service are performed using an authorized vulnerability scanning service.

Does your company collect any personal data?


Does your company collect and process any personal data of natural persons such as:

  • Employees, Customers, Job Applicants or Patients including:
    • Name or personal ID number
    • Contact details (Email address, Phone number, Address)
    • Bank details, Salary amounts, Passport details or any other personal data