Standard security measures

In the register of processing activities you can indicate which security measures you have taken to protect personal data. A number of frequently applied measures are described below.

Use HTTPS: It is wise to provide each website with an SSL certificate. The address then changes from http://… to https://… and encryption is applied.

  • Drafting an information security policy
  • Setting up and implementing an information security management system (ISMS)
  • External testing and certification of ISMS against ‘Security Verified’ standard
  • External testing and certification of ISMS against ISO 2700 standard
  • Screening of employees
  • Security awareness training for employees
  • Drafting and maintaining a risk inventory
  • Keep an incident register
  • Installation of a firewall
  • Installation of a virus scanner
  • Protection against data loss
  • Regular and structural backup of data
  • Encryption of data in the database
  • Encryption of hard disks / storage
  • Encryption of data during transport
  • Regular penetration testing of systems by external ethical hackers
  • Having a responsible disclosure policy
  • Use two-factor or multi-factor authentication
  • Establishing rules for choosing and recording passwords
  • Appoint a Data Protection Officer
  • Drafting a privacy statement and publishing it on the website
  • Mandatory password protection on laptops and other mobile devices
  • Mandatory encryption on laptops and other mobile devices