GDPR Compliance

Your business has implemented appropriate technical and organisational measures to show you have considered and integrated data protection into your processing activities.

Protection mechanisms
Create encryption policies and procedures for relevant technologies, including what personal data to encrypt, how to encrypt it, and why to encrypt it. Regularly update these policies and procedures.

Chapter 4: Controller and processor
Section 2: Security of personal data
Art. 25 GDPR: Data protection by design and by default
Art. 32 GDPR: Security of processing
Recital 78: Appropriate Technical and Organisational Measures
Recital 83: Security of Processing
The security mechanisms within G/On provide all functions to ensure protection from unintended loss of data. Changing this method requires the appropriate level of authorisation.
A Technical White Paper on the technical capabilities is available for review. G/On conforms to and exceeds industry standards with regard to all aspects of Authorisation and Authentication.
MailZen ensures that all Company data is either encrypted within the local managed container on the mobile device, or encrypted in transit. Furthermore, MailZen is designed not to share any information outside of the container. Changing this method requires the appropriate level of authorisation.
The core technology within MailZen has been tested and approved by the BSI, indicating appropriate use for highly secure and/or highly demanding environments.
By design, the NetAttest EPS does not affect data itself. However, using the built-in PKI, mutual authentication towards data processing servers enhances the security level by mitigating man-in-the-middle attacks, and also enables encryption in transit.

Your business has effective processes to identify, report, manage and resolve any personal data breaches. BEIS must be notified within 48 hours about any breaches involving personal data being processed on our behalf.

Chapter 4: Controller and processor
Section 2: Security of personal data
Art. 33 GDPR: Notification of a personal data breach to the supervisory authority
Recital 85: Notification Obligation of Breaches to the Supervisory Authority
Recital 87: Promptness of Reporting / Notification

All activities are logged on the server side, in an area that is therefore unavailable to the end user. The logging fully indicates all activity within the product during specific times.

All activities are logged in a separate area that is unavailable to the end user. Logs are stored on the end user's mobile device, but also on the server side.

By default, all handled activities for Authentication, Authorisation and Accounting are logged, providing a complete audit trail when needed.

Maintain the principle of least privilege for all personal data. Document this consideration in relevant policies and procedures. Create a procedure to continually validate that least privilege to personal data is maintained.

Chapter 4: Controller and processor
Section 4: Data protection officer
Art. 39 GDPR: Tasks of the data protection officer
Recital 97: Data Protection Officer

G/On is built on the model of least privilege access. Required access needs to be configured. There is no implicit access in G/On.
G/On continuously monitors the connection and will terminate the connection based on suspicious activity.

Access restrictions are enforced by the NetAttest EPS. In addition, the EPS provides the ability for granular Role Based Access based on digital certificates.