Appendix C: Security Measures

Risk Management

RGPD.COM conducts an annual risk assessment covering all IT installations and their usage. This assessment is informed by the latest threat landscape and new industry insights, which shape our security measures and initiatives.

Information Security Policies

RGPD.COM follows an IT security policy, which is regularly reviewed to ensure compliance. Management approves the policy, which is communicated to all relevant employees and partners. It is reassessed annually or whenever significant organisational changes occur.

Information Security Management

RGPD.COM has appointed an individual responsible for both organisational and system security.

We ensure that employees across all functions have access only to the information necessary for their roles. Access levels are regularly reviewed and updated to align with employee duties.

Confidentiality

All employees and consultants at RGPD.COM are bound by confidentiality agreements that protect information during and after their tenure. Additionally, relevant staff sign a declaration of compliance with our IT Security Policy, further safeguarding the confidentiality of system security details, trade secrets, and business relationships.

Asset Management

All system assets are identified, documented, and catalogued, including descriptions of sub-components, physical and logical locations, and ownership details.

Access Control

Access to RGPD.COM systems is granted based on the “need-to-know” and “least privilege” principles, ensuring users have only the access necessary for their work-related tasks.

Our systems manage access through a role-based model, with permissions tailored to each user’s role and responsibilities.

Employees requiring privileged access must demonstrate a verified work-related need and obtain management approval. Two-factor authentication is mandatory for all privileged accounts, with access strictly limited to what is necessary.

Physical Security

RGPD.COM ensures that our premises are always secured, and we rely on professional third-party providers to host our solutions. Our primary focus is on securing employee devices, all of which are encrypted.

Operational Security

Our systems are hosted with our cloud provider, which offers robust security features such as encryption, redundancy, and backup.

Data is backed up nightly in the production environment and retained for 30 days, with monthly backups stored for four months.

System events are logged centrally to track errors across components. Monitoring dashboards provide an overview of resource usage and system health, with defined alarms managed by the development team.

We prioritise the continuous availability of all services, releasing updates with minimal or no downtime. When downtime is necessary, it is scheduled to minimise user impact, with customers notified in advance.

Secure Communications

Communication between users and our systems is secured via HTTPS, using TLS 1.2/1.3. TLS certificates issued by Let’s Encrypt, with 2048-bit RSA keys, ensure that all data transmitted between the user’s browser and our servers is encrypted in transit and protected from eavesdropping and tampering.

We use SFTP (SSH File Transfer Protocol) for file transfers, ensuring that all data is encrypted in transit. Additionally, any data imports or exports performed through our platform’s built-in functionality are protected by HTTPS, maintaining consistent security across all data transfer methods.

All employees and subcontractors are bound by confidentiality agreements, which apply both during and after their involvement with our systems.

Procurement, Development, and Maintenance

At RGPD.COM, our development process ensures continuous communication, quality assurance, and alignment with customer needs.

We enforce a structured approach, with tasks visualised and managed through distinct phases.

Development, testing, and production environments are kept separate to maintain quality control, ensuring rigorous checks at every stage before deployment.

Supplier Conditions

Supplier agreements are established for all systems, ensuring that subcontractors meet our security standards and comply with RGPD.COM’s policies.

Incident Handling

Any security incidents or vulnerabilities are reported to the designated security officer. The incident is logged, analysed, and managed according to a detailed procedure that includes customer notification and the implementation of corrective measures.

Compliance

RGPD.COM is responsible for ensuring compliance with relevant security and data protection regulations, including GDPR. We assess and implement any changes to our security policies or systems that these regulations require.

Awareness Training

Ensure that your entire company is equipped with the necessary awareness training on the basics of GDPR and IT security.
