Security of GDPR Register

GDPR Register takes security very seriously and we are continuously improving the security features and controls.

DATA CENTER LOCATION

The GDPR Register application (https://app.gdprregister.eu) is operated on Amazon Web Services (AWS) infrastructure in the EU-Central zone, located in Frankfurt, Germany. The AWS infrastructure has been certified against the strictest industry-specific standards and certifications, including:

ISO 27001, ISO 9001, ISO 27017, ISO 27018
PCI DSS Level 1
SOC1, SOC2, SOC3
HIPAA, GDPR, FedRAMP, FIPS and more.

Please find a Full list of Certifications, Regulations and Frameworks.

DATA CENTER SECURITY

AWS (Amazon Web Services) data centers are secure by design, and the large number of controls in use makes that possible. The data centers include state-of-the-art physical security and environmental access controls in a highly secure environment, with safety features including:

24/7 professional security staff, video surveillance, and intrusion detection systems.
Fire detection and suppression, redundant electrical power systems, and uninterruptible power supply (UPS).

Find a Full list of controls in AWS data centers:

DATA ENCRYPTION AND COMMUNICATIONS

GDPR Register employs AWS RDS (Amazon Relational Database Service) for storing its data. Amazon RDS takes care of security and data protection and provides a scalable and fast-performing database.

All data is encrypted inside the AWS RDS database using AWS KMS (Amazon Key Management Service). KMS is a secure and resilient service that uses FIPS 140-2 validated hardware security modules to protect the encryption keys.

All uploaded documents in the document store are held inside the same encrypted AWS RDS database service.

All connections to the GDPR Register service use TLS 1.2 transport layer security, where all data is encrypted using 2048-bit RSA keys and SHA256withRSA as the signature algorithm.

AUTHENTICATION

Besides the username and password, it is possible to switch on highly secure multi-factor authentication via the user's cell phone. During the login process, a one-time password is sent to the user's phone number by SMS or to the Authy mobile application. Multi-factor authentication can be switched on from User Settings.

RELIABILITY AND DATA PROTECTION

In order to provide a highly reliable service, GDPR Register employs technologies such as AWS ELB (Amazon Elastic Load Balancing) across multiple application servers, which is adjustable based on system load.

GDPR Register uses AWS RDS as its database system, which creates automated encrypted data backups multiple times a day to prevent any data loss. As an additional data protection measure, a daily Offsite Backup process transfers an encrypted copy of the data to the Zone Media data center in Tallinn, Estonia (a member of the EU).

AUDITING

GDPR Register has an Audit Trail functionality, which logs every user login and every user transaction, such as creating, modifying or deleting any record in the system.

SECURE DEVELOPMENT STANDARDS

GDPR Register closely follows the OWASP Top 10 Most Critical Web Application Security Risks list to provide security through recommended design principles.

SUBSCRIPTION BILLING

GDPR Register utilises Chargebee (https://www.chargebee.com) as a subscription billing service provider for managing billing for GDPR Register customers. Chargebee is a PCI Data Security Standard (PCI DSS) Level 1 provider, certified to process credit card data.

See the Full overview of certifications and security controls of Chargebee.

VULNERABILITY SCANNING AND PATCHING

We periodically check for and apply patches to third-party software and services. As soon as vulnerabilities are discovered, the fixes are applied. We perform periodic vulnerability scanning using authorised vulnerability scanning software.
