Appendix Technical and Organisational Measures Littlebit Technology B.V.
1. Confidentiality (Article 32 Paragraph 1 Point b GDPR)
Physical Access Control
No unauthorised access to Data Processing Facilities:
Magnetic or chip cards
Video/CCTV Systems
Electronic Access Control
No unauthorised use of the Data Processing and Data Storage Systems:
(Secure) passwords
Automatic blocking/locking mechanisms
Internal Access Control (permissions for user rights of access to and amendment of data)
No unauthorised Reading, Copying, Changes or Deletions of Data within the system:
Rights authorisation concept
Need-based rights of access
Pseudonymisation (Article 32 Paragraph 1 Point a GDPR; Article 25 Paragraph 1 GDPR)
The processing of personal data in such a method/way, that the data cannot be associated with a specific Data Subject without the assistance of additional Information, provided that this additional information is stored separately, and is subject to appropriate technical and organisational measures
Using Identification number
2. Integrity (Article 32 Paragraph 1 Point b GDPR)
Data Transfer Control
No unauthorised Reading, Copying, Changes or Deletions of Data with electronic transfer or transport:
Encryption
Virtual Private Networks (VPN)
Data Entry Control
Verification, whether and by whom personal data is entered into a Data Processing System, is changed or deleted:
Logging
Availability and Resilience (Article 32 Paragraph 1 Point b GDPR)
Availability Control
Prevention of accidental or wilful destruction or loss:
Backup Strategy (online/offline; on-site/off-site)
Virus protection
Firewall
Rapid Recovery (Article 32 Paragraph 1 Point c GDPR)
3. Procedures for regular testing, assessment and evaluation (Article 32 Paragraph 1 Point d GDPR; Article 25 Paragraph 1 GDPR)
Data Protection Management
Incident Response Management
Data Protection by Design and Default (Article 25 Paragraph 2 GDPR)
Order or Contract Control
No third party data processing as per Article 28 GDPR without corresponding instructions from the Client:
Clear and unambiguous contractual arrangements