GDPR in IT

GDPR in IT infrastructure

There are no precise legal regulations

Legal provisions regarding the GDPR do not regulate precisely the technical requirements in relation to IT systems used in companies and institutions. We do not find any specific guidelines regarding the expected IT security solutions in an organization in legal acts.

IT threats identification

We know that safeguards should be applied that are adequately matched to the threats identified in the risk analysis carried out for a specific company or organization.

Setting the direction of the development of the IT system

The right choice and correct implementation of specific safeguards in the areas for which there is justification for the use of given IT solutions enables the effective use of funds dedicated to the development of the IT system in the company.

We verify IT adaptation to the GDPR requirements

Exanet from Poznań verifies whether the IT system and applied security measures meet the requirements of the GDPR.

IT security solutions

Implementation of appropriate technical measures

Legal articles stipulate that technical measures should be implemented that are appropriate to ensure a sufficient level of security for a given risk in the IT system.

The administrator or the entity processing data in an organization or company should have appropriate technical measures and solutions implemented to ensure an appropriate level of security.

IT security solutions

•  Personal data encryption.
•  The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
•  The ability to quickly restore the availability of personal data in the event of a physical or technical incident.
•  Regularly testing, measuring and evaluating the effectiveness of technical measures to ensure the security of processing.

Adapting IT to GDPR in the company

Many years of experience and best practice

Exanet provides services related to the adaptation of IT infrastructure in companies and institutions to the requirements of the GDPR, using many years of experience gained in the implementation of IT projects for medium and large enterprises.

In our activities, we apply the best practice principles defined by global suppliers of equipment and IT solutions for business. We take into account the guidelines from legal acts, carrying out the control and configuration of individual elements of the IT system.

In our work, we apply the best practice principles defined by global suppliers of equipment and IT solutions for business. We take into account the guidelines from legal acts, during the IT audits and configuration of individual elements of the IT system.

We adapt the IT system to the GDPR

•  We implement and configure the firewall (new generation firewall, NGFW) for companies – protection against unauthorized access to the IT infrastructure.
•  We configure the following services: smtp / pop3 / imap mail, file server, FTP, print server, anti-virus console, VOIP.
•  We configure remote access and VPN.
•  We configure services: www server, DNS, DHCP.
•  We configure and implement the database server.
•  We configure and implement virtualization (Hyper-V or vSphere).
•  We configure and implement the WSUS server (management of the updates of the operating system and software on end devices).
•  We select and configure antivirus protection for servers and computers used in the organization.
•  We configure and implement central management of anti-virus software updates (ESET console).
•  We implement a monitoring and reporting system for connections initiated from the internal and external network.
•  We implement solutions for centralized management of user rights (Active Directory).
•  We implement a backup system that enables automatic verification of completed tasks and reporting.

Our offer also includes