BUSINESS FORWARD, in the context of compliance with the General Data Protection Regulation 2016/679 and the national legal framework governing the protection of personal data processed either as a Data Controller or as a Processor, has established this policy in order to communicate to any interested party or party involved in data management processes the basic principles of the company.
The Company’s Policy and all its procedures have been established on the basis of the following pillars of values:
- Personal data is the unique property of every natural person and must be protected against erroneous or unauthorised processing.
- The privacy of each individual is a fundamental right which must not be infringed under any circumstances.
- The basic way to protect data, whether in electronic or paper form, is first and foremost to ensure controlled access and to maintain an appropriate infrastructure for its processing.
- In all cases, the privacy, integrity, availability and durability of data must be preserved.

BUSINESS FORWARD selects the security procedures and mechanisms to be adopted for each individual infrastructure or process by applying a broader strategic planning based on the following stages:
1. Identification of data and their flows
2. Evaluation of existing practices based on legal requirements
3. Preparation of a DPIA to calculate the final impact on natural persons where appropriate
4. Determination of mechanisms based on the results of the above analysis and calculation of the residual risk

Based on the above, in order for the company to be able to comply with both the legal framework and the principles that it sets for its operation, the following mechanisms, procedures and measures have been adopted:
1. Physical access control policy to the company’s premises (access control system, continuous escort of visitors, access logs)
2. Logical access control policy (allocation of roles and corresponding assignment of access rights, user accounts, policy for protection of all information systems)
3. Active and passive fire protection measures
4. Procedures for segregation of duties (job descriptions, separated duties and areas of responsibility, detailed procedures for operation)
5. Personnel selection and evaluation procedures (qualification and reference requirements, signing of confidentiality and banking secrecy agreements)
6. Information systems protection measures (customized firewall policies, traffic control, traffic logs, antivirus on servers and clients, UPS systems, computer locking, access control, etc.)
7. Management of partners and suppliers (procedures and criteria for selection and evaluation, audits of suppliers and partners, conclusion of binding cooperation contracts with specific terms of confidentiality and data protection)
8. Existence of insurance policies (professional liability)

The company has appointed a Data Protection Officer as the Data Controller. If you wish to contact the company’s DPO directly, you can use the email dpo@businessforward.gr or the company’s main telephone number.