GDPR Statement

Introduction. Since 2018, the General Data Protection Regulation (GDPR) has been in effect, governing virtually every aspect of collecting, processing, handling and storing personal data, and enhancing the rights given to data subjects to control personal data collected about them.

Cyber Advisory Excellence has developed this document to explain representative examples of GDPR requirements and how Cyber Advisory Excellence complies with them.

Applicability. The GDPR applies to businesses established in the EU or the UK. It also applies to businesses established outside the EU and UK that offer their products and services to data subjects in the EU or the UK. Because Cyber Advisory Excellence offers services to people in the EU and UK, the GDPR applies to Cyber Advisory Excellence.

Cyber Advisory Excellence has been working diligently to ensure its continued compliance with the requirements of the GDPR. It is assisted by advisors guiding the company in its GDPR compliance efforts. These efforts include technological, organizational, procedural and legal steps.

Data Stream Mapping

Cyber Advisory Excellence has canvassed the various personal data streams and data sources flowing through the company and identified and documented the use cases for the data. This serves both as a basis for GDPR preparedness and as a basis for compliance with the GDPR’s requirement of maintaining documented records of data processing activities.

Transparency

Under the GDPR’s principle of ‘transparency’, organizations are required to take appropriate measures to provide information relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form. The GDPR encourages the provision of such information in writing, including, where appropriate, by electronic means.

Cyber Advisory Excellence’s privacy policy will serve as the main mechanism for compliance with the GDPR’s transparency obligations, to describe Cyber Advisory Excellence’s practices with respect to personal data and to explain how Cyber Advisory Excellence facilitates data subjects’ exercise of their rights under the GDPR. 

Data security

The GDPR requires organizations handling personal data to implement appropriate technical and organizational measures to secure personal data, including encryption and security tests. 

Cyber Advisory Excellence takes measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of personal data. Key measures include:

  • Implementing a comprehensive security configuration that uses top-tier software security. 
  • Enforcing strong password policies and MFA for administrators.
  • Enabling brute force protection.
  • Built-in Web Application Firewalls and DoS protection.
  • Encrypted databases.
  • Automated backups.
  • Stringent user access controls.
  • Disabled legacy and unnecessary APIs.
  • Continuous security updates. 

Our infrastructure relies on secure edge protection, monitoring, and documentation, including annual SOC 2 audits and ISO 27001 certification, to ensure our site follows industry security requirements.

Engaging subcontractors

The GDPR legitimizes the use of subcontractors for data processing activities, subject to several conditions. 

For example, as required by the GDPR, Cyber Advisory Excellence will perform due diligence into its subcontractors’ data protection practices to confirm that the subcontractor provides sufficient guarantees that its processing will meet GDPR requirements. Cyber Advisory Excellence will also enter into a data processing agreement with the subcontractor that is consistent with GDPR requirements for such engagements.

Cross-border data transfers

The GDPR restricts the cross-border transfer of personal data to jurisdictions outside the European Economic Area (EEA) and UK. As a general rule, personal data may only be transferred to jurisdictions recognized by the EU Commission as having an adequate level of data protection, or otherwise transferred under appropriate safeguards.

Cyber Advisory Excellence and its subcontractors involved in personal data processing will process personal data in member states of the European Economic Area, in territories (e.g., Israel) or territorial sectors (e.g., US-EU Data Privacy Framework) recognized by an adequacy decision of the European Commission as providing an adequate level of protection for personal data, or through recipients subject to adequate safeguards under the GDPR (e.g., Standard Contractual Clauses).
