Just start typing...

ISO and GDPR: our security and data management approach in 2021

Published August 10, 2021

WaveAccess is compliant with the GDPR and ISO/IEC 27001 standards, and we also employ internal security procedures to avoid the compromising of any data, be it our own or our customers’.   

The post-COVID business practices have changed drastically, but data security still remains pivotal for companies of all sizes. WaveAccess was prepared for these new challenges: we have been practicing the distributed teams approach and remote work models long before 2019. Moreover, we started our GDPR compliance journey back in 2017. 

To avoid any compromise of our own and our clients’ data, we apply a wide range of tools and solutions. The team of Security Officers and DevOps experts work in tight connection with all WaveAccess’ departments to ensure the compliance with the level of protection required by EU law.   

There is no specific certification for the GDPR, while the Regulator sets broad principles and their practical application is highly fact-specific. GDPR requires privacy by design and by default: protection of informational assets should not be something superficial, but a genuine way of operating business. 

GDPR compliance

WaveAccess had reviewed its data security framework by the time the new law came into effect on May 25th, 2018 and is committed to the principles outlined in the GDPR for all EU residents who share their data with us. 

To ensure that we were duly prepared for the GDPR, WaveAccess employed Deloitte to conduct an Initial Compliance Review back in November 2017 and was highly esteemed: 

WaveAccess made significant efforts to comply with forthcoming EU GDPR regulation, and we do not see any obstacles for WaveAccess to be fully compliant
Deloitte EU GDPR Initial Compliance Review

To show compliance with the GDPR, WaveAccess implements organizational and technical safeguards to protect data from destruction, loss, alteration, and unlawful disclosure:

  • We review our company’s procedures and policies on how to collect and process personal data — such as data governance policy, consent forms and privacy notes on your websites, data processing agreements. 

  • We use appropriate software and tools that help execute these procedures. E.g. malware protection, pseudonymization, encryption, ability to identify and block data breaches. 

For now, we have adapted our processes and reviewed the Privacy Policy to comply with the new regulation. 

Our rule of thumb here is to determine whether a potential data breach could result in a risk to the rights and freedoms of individuals (e.g. discrimination, damage to reputation, financial loss). If it could, then we ensure stricter protection for these categories of data.

ISO/IEC 27001 and ISO 9001:2015 standard compliance

Using several standards helps companies to manage the security of financial information, intellectual property, personal details and information entrusted by clients. 

ISO 27001:2013 is the internationally recognized framework that helps companies establish, implement, operate, keep, and continually improve their information security management system in order to keep their information assets secure. In 2020, WaveAccess successfully completed the scheduled inspection control to confirm the compliance of its information security management system against the requirements of the standard. Based on the positive audit findings, the certification body auditor has resolved to confirm the validity of the certificate No. 31101468 ISMS13 dated 08/10/2019 issued for WaveAccess.

We also were audited for compliance with the corporate quality management system (QMS) requirements of ISO 9001:2015 international standard. The compliant organization 

  • shows its ability to deliver products and services that meet customer and applicable statutory and regulatory requirements

  • aims to enhance customer satisfaction through the effective application of the quality management, including its improvement and assurance of conformity to customer and applicable statutory and regulatory requirements.

The certificate, which was provided to us last June by DQS holding, is valid till 2023. 


Fighting the pandemic or keeping businesses running, digital innovations can really make a positive impact. However these solutions can’t be effective until people trust them. Robust data protection practices are a key component of that credibility. We work hard to create highly reliable solutions that will build trust between our clients and their digital audience in Europe and worldwide.

Since 2018 the GDPR keeps evolving, while court decisions and official guidance documents shape the legal enforcement. We closely monitor the changes in the GDPR and update our practices accordingly to ensure continuous compliance. Recently, for example, the European Commission has adopted new Standard Contractual Clauses (Decision EU 2021/914 of 4 June 2021). These new SCC cover a broader range of data transfer scenarios and appropriate safeguards. Our team is already working to incorporate the new SCC into the data processing agreements with our EU clients.


WaveAccess is certified according to the ISO 9001:2011 standard

WaveAccess successfully underwent the audit for compliance of its quality management system with the requirements of the ISO 9001:2011 international standard.
December 3, 2014

We have been audited for compliance with ISO/IEC 27001:2013

By obtaining the ISO 27001:2013 certification, WaveAccess has further strengthened its commitment to providing customers with the necessary level of assurance regarding the way their information is managed and secured.
January 12, 2018

GDPR compliant: our security and data governance practices

The General Data Protection Regulation that took effect in May 2018 is designed to protect the personal data and privacy of EU residents. We have adapted our processes and reviewed the Privacy Policy to comply with the new regulation.
August 17, 2018

Related Services

Application Development

How we process your personal data

When you submit the completed form, your personal data will be processed by WaveAccess USA. Due to our international presence, your data may be transferred and processed outside the country where you reside or are located. You have the right to withdraw your consent at any time.
Please read our Privacy Policy for more information.