Data Protection Policy
EITCA Academy Data Protection Policy
The European IT Certification Institute effectively implements data protection by design and by default. This document specifies the outline of the organization’s Data Protection Policy, which is periodically reviewed and updated. The last update of this document was made on 12th November 2022.
1. Data Protection Impact Assessment
We conduct data protection impact assessments (DPIAs), identifying and mitigating data protection risks associated with a particular project or system. By conducting a DPIA, we ensure that data protection is considered throughout the design and implementation process in our data systems.
2. Privacy Policies and Procedures
We implement privacy policies and procedures, outlining how personal data is collected, processed, and stored. By implementing these policies and procedures we ensure that data protection is built into our operations from the start.
3. Limiting Data Collection
We limit data collection to the minimum amount of personal data necessary for implementing EITC/EITCA certification processes (including identity verification). This reduces the risks of data breaches and ensures compliance with data protection regulations, including the GDPR.
4. Data Access Controls
We implement data access controls to ensure that personal data is only accessible to authorized personnel who need to access it for legitimate purposes in certification processes.
5. Data Encryption
We encrypt sensitive personal data to protect it from unauthorized access or use. Our databases are protected by state-of-the-art information security systems in compliance with our Information Security Policy (ISP).
6. Data Retention Policies
We implement data retention and deletion policies for personal data, further reducing the risk of data breaches and ensuring compliance with data protection regulations.
7. Data Protection Training
We conduct regular data protection training for our employees to ensure that they are aware of their data protection responsibilities and know how to protect personal data.
8. Data Breaches Monitoring
We monitor for any potential data breaches by implementing systems for monitoring and detecting data breaches in compliance with our Information Security Policy. This reduces the risk of data breaches and ensures that potential breaches are detected, contained and responded to promptly.
9. Data Protection Audits
We conduct regular audits in order to ensure that our data protection policies and procedures are effective and compliant with data protection regulations.
By implementing these measures and ensuring that data protection is considered throughout the design and implementation process, the European IT Certification Institute can effectively protect all data it processes. More details on data protection are contained in our Information Security Policy. The European IT Certification Institute is committed to maintaining the highest standards in regard to personal data protection and compliance with the General Data Protection Regulation, making sure to comply with all applicable laws and regulations related to these issues, as well as with leading industry standards and best practices, including the ISO 27701 Privacy Information Management System.