How does Eye-Able® ensure that personal and sensitive data are legally protected and processed?
Ensuring data protection throughout the entire lifecycle, including data subject rights, DPIA, data transfer, and access by authorities
Data protection and data security programme
Eye-Able® operates a comprehensive data protection and data security programme that takes into account all data protection requirements under the GDPR, ISO/IEC 27701 and other relevant standards.
Guidelines for data processing and data flows
There are documented guidelines for the classification, processing, transfer, storage and deletion of sensitive and personal data.
Data flows are inventoried, their content is documented, and they are regularly reviewed.
Systems and processes are designed according to the principle of ‘privacy by design & default’.
Data protection impact assessment (DPIA)
Where necessary, a data protection impact assessment (DPIA) is carried out before personal data is used in new processes or tools.
Protection of data subjects' rights
The protection of data subjects' rights (Art. 15 ff. GDPR) is technically and organisationally guaranteed, including access, rectification and erasure.
Sub-processors and production data
Access by sub-processors is only permitted on the basis of transparent contracts and after prior notification of the controller.
Production data may not be used in test environments unless documented approval has been obtained from the data controller.
Dealing with requests from authorities
Requests from investigating authorities are only processed in compliance with legal requirements, and Eye-Able® informs affected customers where possible, unless this is prevented by legal confidentiality obligations.
Storage, encryption and deletion
All data is treated, stored and encrypted in accordance with its protection class and deleted or anonymised after the retention periods have expired.