
ISO and GDPR: our security and data management approach in 2021

Published August 10, 2021

WaveAccess is compliant with the GDPR and ISO/IEC 27001 standards, and we also employ internal security procedures to prevent the compromise of any data, whether our own or our customers’.

Business practices have changed drastically since COVID, but data security remains pivotal for companies of all sizes. WaveAccess was prepared for these new challenges: we had been practicing the distributed teams approach and remote work models long before 2019. Moreover, we started our GDPR compliance journey back in 2017.

To avoid any compromise of our own and our clients’ data, we apply a wide range of tools and solutions. Our team of Security Officers and DevOps experts works closely with all WaveAccess departments to ensure compliance with the level of protection required by EU law.

There is no specific certification for the GDPR: the Regulator sets broad principles, and their practical application is highly fact-specific. GDPR requires privacy by design and by default: protection of informational assets should not be something superficial, but a genuine way of operating a business.

GDPR compliance

WaveAccess had reviewed its data security framework by the time the new law came into effect on May 25th, 2018 and is committed to the principles outlined in the GDPR for all EU residents who share their data with us. 

To ensure that we were duly prepared for the GDPR, WaveAccess employed Deloitte to conduct an Initial Compliance Review back in November 2017 and was rated highly:

WaveAccess made significant efforts to comply with forthcoming EU GDPR regulation, and we do not see any obstacles for WaveAccess to be fully compliant
Deloitte EU GDPR Initial Compliance Review

To show compliance with the GDPR, WaveAccess implements organizational and technical safeguards to protect data from destruction, loss, alteration, and unlawful disclosure:

  • We review our company’s procedures and policies on how to collect and process personal data, such as the data governance policy, consent forms and privacy notices on our websites, and data processing agreements.

  • We use appropriate software and tools that help execute these procedures, e.g. malware protection, pseudonymization, encryption, and the ability to identify and block data breaches.

For now, we have adapted our processes and reviewed the Privacy Policy to comply with the new regulation. 

Our rule of thumb here is to determine whether a potential data breach could result in a risk to the rights and freedoms of individuals (e.g. discrimination, damage to reputation, financial loss). If it could, then we ensure stricter protection for these categories of data.

ISO/IEC 27001 and ISO 9001:2015 standard compliance

Using several standards helps companies to manage the security of financial information, intellectual property, personal details and information entrusted by clients. 

ISO 27001:2013 is the internationally recognized framework that helps companies establish, implement, operate, maintain, and continually improve their information security management system in order to keep their information assets secure. In 2020, WaveAccess successfully completed the scheduled inspection control to confirm the compliance of its information security management system with the requirements of the standard. Based on the positive audit findings, the certification body auditor resolved to confirm the validity of certificate No. 31101468 ISMS13 dated 08/10/2019 issued for WaveAccess.

We were also audited for compliance with the corporate quality management system (QMS) requirements of the ISO 9001:2015 international standard. A compliant organization:

  • shows its ability to deliver products and services that meet customer and applicable statutory and regulatory requirements

  • aims to enhance customer satisfaction through the effective application of the quality management system, including its improvement and the assurance of conformity to customer and applicable statutory and regulatory requirements.

The certificate, which was issued to us last June by DQS Holding, is valid until 2023.

***

Whether fighting the pandemic or keeping businesses running, digital innovations can make a real positive impact. However, these solutions can’t be effective until people trust them. Robust data protection practices are a key component of that credibility. We work hard to create highly reliable solutions that will build trust between our clients and their digital audience in Europe and worldwide.

Since 2018, the GDPR has kept evolving, with court decisions and official guidance documents shaping its legal enforcement. We closely monitor the changes in the GDPR and update our practices accordingly to ensure continuous compliance. Recently, for example, the European Commission adopted new Standard Contractual Clauses (Decision (EU) 2021/914 of 4 June 2021). These new SCCs cover a broader range of data transfer scenarios and appropriate safeguards. Our team is already working to incorporate the new SCCs into the data processing agreements with our EU clients.

 

