Applications are often the main means by which personal data is processed within a company, so during the corporate process of aligning with the GDPR it is appropriate that they too are subjected to a check of the security measures in place, using a suitable state-of-the-art checklist. Our assessment methodology includes a census of all privacy-impacting applications (i.e. all the applications used to process personal data) within the company's infrastructure and, through interviews or demonstrations on the various platforms, the compilation of a checklist of the security measures in place, in order to highlight any gaps in each application.
This activity is not limited to verifying the presence of the most common security measures: drawing on ENISA's "Technical Guidelines for the implementation of minimum security measures for Digital Service Providers" (available online at this URL address) and on ISO/IEC 27001:2013, a state-of-the-art analysis of the protection of personal data offered by the application is carried out. The presence of additional features is also examined in order to simplify the handling of requests from interested parties (data subjects), such as the new rights introduced by the GDPR, for example the right to data portability pursuant to Art. 20 GDPR. The results of the activity are described precisely in a detailed report, which includes the methodology followed, so that it can be repeated periodically, as well as all the gaps encountered together with the related recommendations for raising the security level of the applications. We are also available to interface with the customer's suppliers, both during the compilation of the checklists and in the post-assessment analysis of the results.