Data protection and security are very important to us and our customers! We therefore invest a lot in protecting our customers' data: confidentiality, integrity and availability are the three pillars of our data protection strategy. The confidentiality, integrity and availability of the data generated and managed by MobileLab are all handled in accordance with the latest EU and international data protection regulations and protocols.
These days, the state, all its bodies and all its citizens have become equally dependent on multiple complex electronic information systems, without which operating the state and providing and using the various services has become impossible. Security is top of mind across our company, as the fragility of information these days demands strong security and cyber security controls and protocols from the very first design step through to the implementation and end-user usage of the systems. During the design and implementation of security, complex security must be aimed for and, in view of the principle of the weakest link, appropriate emphasis must be placed on all areas of security and all types of security measures and activities so as to ensure adequate protection.
In order to assess the security level, the following tasks and requirements need to be reviewed:
- The level of elaboration of the detailed rules governing security processes
- The availability of specialist expertise associated with the security of electronic information systems within the organisation
- The regulated nature of the tasks and scopes of responsibility associated with the security of electronic information systems
- The regularity of security level measurements
- The level of elaboration of physical protection measures
- The level of processing of information associated with electronic information systems
- The position of information security within the organisation (is it handled as a part of the organisation, or only handled at the IT level)
- Whether security risk and impact analyses are performed
- Application of security management objectives and methods of measurement
- Frequency of occasional security and vulnerability tests
- Evaluation of the security of electronic information systems
- Measurement of the efficiency of security management
- Whether products with security evaluations are preferred when developing the electronic information system, etc.
The data transmission function of MobileLab and its systems have been developed and allocated to a security level on the basis of the parameters and requirements listed above. During development, the required security level was met through the selection and integration of an appropriate cryptographic solution and protocol.
GDPR
MobileLab takes its responsibilities with regard to the requirements of the General Data Protection Regulation (GDPR) very seriously. All of its activities are in compliance with the GDPR.
MobileLab uses, stores and otherwise processes personal data relating to potential staff, former staff, patients, website users and contacts, collectively referred to in this policy as data subjects. When processing personal data, we are obliged to fulfil individuals’ reasonable expectations of privacy by complying with GDPR and other relevant data protection legislation (data protection law).
This policy therefore seeks to ensure that we:
- are clear about how personal data must be processed and our expectations for all those who process personal data on our behalf;
- comply with the data protection law and with good practice;
- protect our reputation by ensuring the personal data entrusted to us is processed in accordance with data subjects’ rights;
- protect us from risks of personal data breaches and other breaches of data protection law.
When we process personal data, we are guided by the following principles, which are set out in the GDPR. We are responsible for, and must be able to demonstrate compliance with, the data protection principles listed below.
Those principles require personal data to be:
- processed lawfully, fairly and in a transparent manner (Lawfulness, fairness and transparency).
- collected only for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes (Purpose limitation).
- adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (Data minimisation).
- accurate and where necessary kept up to date (Accuracy).
- not kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the personal data is processed (Storage limitation).
- processed in a manner that ensures its security, using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage (Security, integrity and confidentiality).