What Is GDPR and Why the Fuss?
Recently, the European Union has enforced the General Data Protection Regulation (GDPR). It aims to protect major businesses and average Internet users. While Ukraine is not a part of the EU (at least, not yet), the GDPR has also caused a genuine IT revolution here.
The GDPR was introduced on May 25th, 2018. It soon became the most profound data regulation reform in decades. It challenged not only the companies located in Europe but all the businesses dealing with the personal data of EU citizens.
Ukraine Is Safe for Your Data
Ukraine is recovering from its post-Soviet era and strives to become a full-fledged member of the European Union. Economic, social, and legislative reforms are on the rise here. The IT industry in our country is the fastest-growing and most profitable, competitive, and promising sphere to run a business. The number of companies to outsource to is constantly growing, and the pool of talent is significant.
The GDPR aims to harmonize data regulations across all the EU members and to protect the personal information of each EU citizen. The Ukrainian legislation on data safety fully complies with it.
Data protection in Ukraine is regulated by the following legal documents:
the Constitution of Ukraine,
the Civil Code of Ukraine,
the Law of Ukraine “On Information”,
the Law of Ukraine “On Protection of Information in the Information and Telecommunication Systems”,
the Law of Ukraine “On Electronic Commerce”.
These laws have been recently updated to comply with the GDPR and to address the most topical challenges. According to Article 15 of the Association Agreement between the EU and Ukraine, the Ukrainian Parliament Commissioner for Human Rights has revised these legislative documents and aligned them with the GDPR. Later, the EU experts checked and confirmed the updates.
This change has shaken the IT world. It made every company profoundly alter its approach to data safety as soon as possible. Each decent business has set customer privacy as its principal business value. The GDPR has made software development agencies ensure full transparency of personal data usage. It broadened the rights of data subjects and increased the company’s liabilities in case of a data breach.
In fact, a single violation of the GDPR may lead to a huge financial loss. The fine may amount to up to €20 million, depending on the severity of the offense. No decent company wants to risk its money and reputation. Thus, following the GDPR is a compulsory and first-priority business goal.
There is another growing concern with regard to doing business in Ukraine. People are concerned about the unstable political situation in the state and the ongoing war in the East. Vendors are afraid of their data being physically blocked or destroyed in case something happens in the city where their outsourcing company is located. Yet, there is no reason to worry.
No modern-day IT company stores data on a local server physically located in its office, and neither do we. Instead, we use cloud technologies so that the business and its partners can access the necessary information 24/7.
We Stay on Guard of Your Data
Here at KeenEthics, we track all the Ukrainian and European legislation updates to ensure our full compliance with them.
We care about the safety of your data and make sure that no part of it is stolen, falsified, destroyed, or unwarrantedly accessed.
We follow all the data protection requirements defined in our business strategy, in the agreement with a business partner, and in the legislation of Ukraine and the EU. It has been a long and complicated legal procedure we have gone through to ensure that we comply with the GDPR and to get the GDPR Compliant Badge.
We care about our own safety and conduct regular data security and personal safety training sessions with our team members.
All our team members are well aware of the necessity to use secure passwords and encrypted communication or data exchange channels. We understand the potential risks associated with a failure to do so. Also, we have a hard-drive encryption policy. According to it, every employee protects their hard disk with a cryptographic key. It helps us to ensure that an unauthorized user cannot access the information stored on hard disks even if the computer is lost or stolen.
We care about our network to prevent any network intrusion.
We protect our data with two powerful mechanisms: NAT (Network Address Translation) and a firewall. NAT is a method that alters network address information in the IP header while the packets are in transit across a traffic routing device. It also remaps one IP address space into another. A firewall is a protection system that manages incoming and outgoing network traffic according to a certain set of security rules.
Our Wi-Fi is secure, and the hardware and software of our routers are up to date.
Wi-Fi is protected with a reliable encryption method and a unique, regularly updated password. On a daily basis, we check for available upgrades for our routers and install them as soon as there are any.
Our source code cannot be unlawfully accessed, modified, or stolen.
It is stored on encrypted computers and in the cloud, secured with the HTTPS and SSH protocols. HTTPS is a secure version of HTTP, while SSH is a protocol for secure access to a remote computer.
We care about the physical security of our office to keep unauthorized people away.
We have an advanced system of surveillance and emergency alarms. No unapproved people are allowed inside. Also, our team members sign a non-disclosure agreement to prevent an information leak.