Data Protection Policy for ISMS Copilot

Introduction:

This Data Protection Policy outlines ISMS Copilot's commitment to safeguarding personal data in compliance with applicable data protection laws, including GDPR. It details our principles, roles, procedures, and practices to ensure the protection of personal data.

1. Data Protection Principles

ISMS Copilot adheres to the following principles to ensure data protection:

• Lawfulness, Fairness, and Transparency: Process data lawfully and fairly, providing clear information to users.
• Purpose Limitation: Collect data for specified, explicit, and legitimate purposes.
• Data Minimization: Collect only the data necessary for specific purposes.
• Accuracy: Maintain accurate and up-to-date data.
• Storage Limitation: Retain data only as long as necessary for processing purposes. Whenever we can technically, we reduce this period.
• Integrity and Confidentiality: Ensure appropriate security measures to protect data.
• Accountability: Demonstrate compliance with data protection principles.

2. Roles and Responsibilities

The founder of ISMS Copilot, a certified information security manager, is responsible for data protection within the organization, ensuring compliance with GDPR and other applicable data protection laws.

3. Data Handling Procedures

• Data Collection and Processing: Personal data is collected and processed securely, based on lawful grounds such as consent or contractual necessity. Data is not downloaded onto staff devices.
• Data Storage: User data is stored securely in databases, with access limited to our staff.
• Data Sharing: Data is not shared externally, except with trusted third-party providers under data processing agreements to ensure GDPR compliance.

4. Data Breach Response