Applications are often the main means of processing personal data within organization, and it is therefore necessary that during the company’s alignment process with the GDPR, a verification of the security measures in place to protect them is carried out. This is done by means of a state of the art checklist. Our assessment methodology includes a census of all applications with a privacy impact (i.e. all applications used for the processing of personal data) utilized within the organizational infrastructure and, through interviews or demonstrations on the various platforms, a checklist containing the security measures in place is completed in order to highlight any identified gaps within the application.
This activity is not only contextualized in the verification of the presence of the most common security measures but, drawing on ENISA’s “Technical Guidelines for the implementation of minimum security measures for Digital Service Providers” (available online at this address) and the ISO/IEC 27001:2013 standard, a state-of-the-art analysis of the personal data protection offered by the application will be carried out. The presence of additional features will also be examined in order to simplify the response to the requests of the data subjects, such as the new right introduced by the GDPR, i.e. the right to portability under Art. 20 GDPR. The results of the activity will be extensively described in a detailed Report, which will include the methodology used in order to re-implement it periodically, as well as all the gaps found with the related recommendations in order to increase the security level of the applications. We will also remain available to interface with the your suppliers, both during the compilation of the checklists and during the post-assessment and in the analysis of the results.