What technical and organizational measures do you take to protect data?

We adhere to the following technical and organizational measures for data protection according to Art. 32 GDPR:

Electronic access control
  • ✓ Assignment of user rights
  • ✓ Password assignment
  • ✓ Authentication with user name / password
  • ✓ Create user profiles
  • ✓ Assignment of user profiles to IT systems
  • ✓ Use of VPN technology
  • ✓ Encryption of mobile data carriers
  • ✓ Encryption of data carriers in laptops/notebooks
  • ✓ Use of a software firewall
Access level control
  • ✓ Create an authorization concept
  • ✓ Number of administrators reduced to “essential only”
  • ✓ Encryption of data carriers
  • ✓ Administration of rights by system administrator
  • ✓ Password policy incl. password length, password change
Relay control
  • ✓ Setup of leased lines or VPN tunnels
  • ✓ E-mail encryption
Input control
  • ✓ Traceability of input, modification and deletion of data by individual user names (not user groups)
  • ✓ Assignment of rights to input, change and deletion of data based on an authorization concept
Order control
  • ✓ Selection of the contractor with due diligence (especially regarding data security)
  • ✓ Written instructions to the contractor (e.g., by order processing contract)
  • ✓ Obligation of contractor employees regarding data confidentiality
Availability control
  • ✓ Create a backup & recovery concept
Separation control
  • ✓ Defining database rights
  • ✓ Separation of productive and test system