What is sensitive information?
Sensitive information is information relating to an individual’s personality, financial information (including bank account and credit details), biometric data, criminal record, medical condition, opinions and sexual orientation.
If there are files in your organization that contain such information, then you are obliged to register the database with the Privacy Protection Authority.
As a database owner, you are subject to several obligations, and failure to meet them may be considered a criminal offense. Examples are an obligation of confidentiality, supervision and control, and implementation of a list of regulations in the field of information security, which include system mapping and risk assessment.
Who is a data privacy survey intended for?
- For companies and entities that have registered databases and wish to perform information security checks in accordance with the legislative requirements.
- The database owner is required to conduct a professional information security risk assessment for the databases every 18 months to identify and examine failures in terms of security and procedures.
What are the advantages of conducting a data privacy survey?
- Provides the client with a clear picture of information security failures in the databases, including detailed recommendations on how to handle them.
- Compliance with the requirements of the privacy protection legislation.
What will be the highlights of the test?
The survey examines the organization’s readiness for, and compliance with, the requirements of the Privacy Protection Law. Among the topics that will be examined:
- Classification of the stored information.
- Checking how the information is stored.
- Review of the existing protection measures.
- Examining documentation processes.
- Examining the existence and distribution of procedures that comply with the requirements of the law.
- In-depth examination of backup and recovery processes.
- How information security incidents are handled.
- Management of access permissions to the information.
- Mapping and examining the security of interfaces with different systems in the organization.
- The manner of working with outsourcing.
- The quality of physical security.
- Checking whether the registration of the owners of the information is up to date.
It is essential that a cyber consulting company conducts the survey for you. The reason is that a questionnaire alone is not enough: the survey should also rely on actual tests of the systems, including penetration tests. Remember, you must ensure that access to the databases is properly hardened.