Sqills Security and Breach notification (part 2)

In our first post about GDPR we explained the essentials of the GDPR. In this article we examine a specific aspect of GDPR: data breaches.

Personal Data Breach Notifications

In case of a personal data breach, the GDPR states that the controller should notify the relevant supervisory authority without undue delay, and not later than 72 hours after discovery by the controller, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

GDPR defines a personal data breach as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. This can range from leaving a printout of an email on a train to an aggressive network attack.

Sqills Security Monitoring

To detect breaches successfully, we have put controls in place that give us the capacity to detect and respond to security events. Having had an Information Security Management System and the ISO 27001:2013 standard and certificate in place since 2016, Sqills has already taken a big step in protecting sensitive data during the complete life cycle of our software.

Our multidisciplinary security team, responsible for ensuring that we maintain our high security standards, is continuously looking for ways to improve our security settings even further and to make our own employees aware of the latest security measures and policies. Recently, we have implemented an intrusion detection system. By monitoring our network 24x7, we can identify any malicious activity. In addition, the resulting metrics can be used for future risk assessments.

Security impact

For each and every change in our software, we record whether or not it has security impact. If it does have security impact, we explain to our customers what the impact is and how it will be handled. In our Jira security-incident setup, customers can also report their concerns if they become aware of a potential breach. In case of a data breach we will cooperate with our customers (the controller) on the investigation of the causes and consequences of the breach. We will provide assistance to our customers wherever we can.

Next up

Several features have been added to our S3 Passenger system to comply with the GDPR, including the destruction or restitution of data. Stay tuned to find out more, or contact us now if you can't wait.

Questions? Contact us!

Alexander Mul
T +31 (0) 88 774 55 70