Security & Compliance(GDPR)

Controls that a company implements to protect its assets and meeting the standards that a third-party has set forth as best practices.


The purpose of the GDPR is to protect individuals and the data that describes them and to ensure the organisations that collect that data do so in responsible manner. The GDPR also mandates that personal data is maintained safely;

The 7 data protection principles are:

  1. Lawfulness, fairness, and transparency

  2. Purpose limitation

  3. Data minimisation

  4. Accuracy

  5. Storage limitations

  6. Integrity and confidentiality

  7. Accountability

Personal data can include these types of information:

  • Name

  • Identification number

  • Location data

  • Any information that is specific to “the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”

  • Biometric data that is acquired through some form of technical process, such as facial imaging or fingerprinting

  • Information related to a person’s health or healthcare

  • Racial or ethnic information of an individual

  • Political opinions or religious beliefs

  • Union membership