Navigating data with a privacy-first commitment
In today’s dynamic digital environment, strict privacy and security measures aren't just a part of our business; they are a cornerstone of our operations and of our mission of saving lives every day. We don’t just say, “We adopt a Privacy-first approach” and “Your privacy is our priority”; we live it. This blog post pulls back the curtain on our internal operations to show you exactly how we turn these principles from mere words into action.
The GDPR milestone
The introduction of GDPR on May 25, 2018, marked a pivotal moment for data privacy in Europe. Anticipating its impact, we took proactive steps by establishing a dedicated internal task force: the PrivSec team. With strategic hires like a Data Protection Officer (DPO) and a Security Operations (SecOps) engineer, this team was designed to strengthen our operations while integrating seamlessly with existing teams, without causing disruptions.
Annual awareness and continuous education
Aligned with GDPR's anniversary, we launched our annual Awareness Month each May. This initiative isn't just a series of events. It's a comprehensive educational campaign focusing on enhancing, understanding, and implementing our security and privacy protocols. "May Awareness Month" is crucial in educating our team about GDPR’s day-to-day implications, ensuring compliance, and expanding the scope of our ongoing efforts.
Certifications and commitments
Our journey didn’t stop at compliance. In 2022, we achieved ISO 27001 and ISO 27701 certifications, underscoring our unwavering commitment to the highest security standards. These certifications are more than accolades—they are a promise to our clients that their data is in safe hands. It's a testament to our dedication to fostering trust and safety in the digital sphere. We are committed to protecting client data and maintaining robust information security practices.
A culture of continuous improvement
As we celebrate our seventh May Awareness Month, filled with engaging PrivSec training sessions, technical talks, quizzes, and a healthy dose of humor through memes, we are reminded that our commitment to security extends well beyond May. Maintaining ISO 27001 and ISO 27701 certifications is an ongoing endeavor that demands continuous improvement from the PrivSec team and the entire company.
Throughout the year, our activities include:
- Performance monitoring: Continuously tracking the effectiveness of our security systems and processes. We identify threats and ensure compliance with security standards.
- Penetration testing: Together with a public bounty program, these tests help us proactively identify and address vulnerabilities.
- Policy and procedures reviews: Ensuring our operations remain efficient, effective, and compliant with the latest standards and regulations.
- Risk assessments and ISO audits: Identifying and mitigating potential risks while confirming compliance with ISO standards.
- Disaster recovery drills: Testing our response strategies to ensure rapid recovery, minimal downtime, and continued operation during emergencies.
- Tailored internal training: Educating our teams on their role in data protection and user privacy.
- Data subject rights requests: Evaluating and refining processes for responding to individuals' data access and privacy requests. This ensures compliance with data protection regulations.
Our compliance is woven into the fabric of our everyday operations. It’s a continuous commitment rather than a periodic obligation. We hope this insight into our dedicated approach demonstrates our structured and proactive measures in prioritizing privacy and security.
Let's connect
If you have questions about our approach to privacy and security, please reach out. We’re eager to share more about how we protect your data and respect your privacy.