As you are aware, the General Data Protection Regulation (GDPR) is the EU’s new data protection regulation, which will come into force on May 25, 2018.
The purpose of the Act is to strengthen personal integrity in the processing of personal data. The Act affects all companies, organizations and industries handling personal data and will, among other things, require new routines to guarantee safe data management.
We at Yorizon are well prepared and already manage our customers’ personal data according to the same principles as GDPR:
- We ensure that the gathering and management of our customers’ personal data comply with our clients’ instructions and consequently the required legislation.
- We guarantee the integrity of each and every client as well as the right to their own data. We guarantee their right to extract desired personal data and to correct and/or delete it.
- We have a well-thought-out security process, with a clear information and security policy.
We always guarantee that data is transferred and stored securely in our data centers within the EU.
We are currently finalizing our Statement of Applicability (SoA). This is one of the key documents of the ISO 27001 information security management system (ISMS).
The Statement of Applicability is an output derived from Yorizon’s Risk Assessment and Risk Treatment plan, and it contains the controls selected for our organization. The document contains explanations and justifications which include details as to what, when, where, and how. These controls are based on ISO 27002 (Information technology – Security techniques – Code of practice for information security management) and reference internal policies, procedures, or guidelines.
The Statement of Applicability, together with the Scope document, offers assurance of the depth and breadth of our ISMS.