Security of GDPR Register

GDPR Register takes security very seriously, and we continuously improve our security features and controls.

INFRASTRUCTURE COMPLIANCE

The GDPR Register application service (https://app.gdprregister.eu) is operated on Amazon Web Services (AWS) infrastructure in the EU-Central region, located in Frankfurt, Germany, and the EU-West region, located in Dublin, Ireland. The Amazon Web Services infrastructure is certified against the strictest industry-specific standards and certifications, including:

ISO 27001, ISO 9001, ISO 27017, ISO 27018
PCI DSS Level 1
SOC1, SOC2, SOC3
HIPAA, GDPR, FedRAMP, FIPS and more.

The full list of certifications, regulations and frameworks is located here:
https://aws.amazon.com/compliance/programs

DATA CENTER SECURITY

AWS data centers are secure by design, and a large number of controls in use make that possible. Data centers include state-of-the-art physical security and environmental access controls in a highly secure environment, with safety features including:

24/7 professional security staff, video surveillance, and intrusion detection systems.
Fire detection and suppression, redundant electrical power systems, and uninterruptible power supply (UPS)

The full list of controls in AWS data centers:
https://aws.amazon.com/compliance/data-center/controls

AUTHENTICATION

Besides the username and password, GDPR Register uses highly secure two-factor authentication via the user's mobile phone. During the login process, a one-time password is sent to the user's phone number by SMS or to the Authy mobile application.

DATA COMMUNICATIONS SECURITY

All connections to the GDPR Register service use TLS 1.2 transport layer security, with 2048-bit RSA keys and SHA256withRSA as the certificate signature algorithm.
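As an added example (not GDPR Register's code), the script below shows how a client can enforce the same floor, TLS 1.2 or newer with full certificate and hostname verification, and how to grade what a server actually negotiated. The finding codes and the forward-secrecy rule are the example's own; the hostname is the one given on this page.

```python
"""Hypothetical TLS policy check for a client of the service.

Added example, not GDPR Register's code.  Builds a client context that refuses
anything below TLS 1.2, optionally probes a host, and grades the session.
"""
import socket
import ssl
from typing import Dict, List

ACCEPTED_VERSIONS = {"TLSv1.2", "TLSv1.3"}
# Forward-secret key exchange: every TLS 1.3 suite, and ECDHE/DHE suites in 1.2.
FS_PREFIXES = ("TLS_", "ECDHE-", "DHE-")


def client_context() -> ssl.SSLContext:
    """The default context already verifies the chain and hostname; pin the floor to 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_policy(ctx: ssl.SSLContext) -> Dict[str, object]:
    """Plain-data view of the settings that matter, for review or assertion."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
    }


def assess(session: Dict[str, str]) -> List[str]:
    """Return finding codes for a negotiated session ({'version': ..., 'cipher': ...})."""
    findings = []
    if session["version"] not in ACCEPTED_VERSIONS:
        findings.append("legacy-protocol")
    if not session["cipher"].startswith(FS_PREFIXES):
        findings.append("no-forward-secrecy")
    return findings


def probe(host: str, port: int = 443, timeout: float = 5.0) -> Dict[str, str]:
    """Live handshake (needs network access); returns what the server negotiated."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with client_context().wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "version": tls.version(),
                "cipher": tls.cipher()[0],
                "not_after": cert["notAfter"],
            }


if __name__ == "__main__":
    session = probe("app.gdprregister.eu")  # hostname taken from this page
    print(session)
    print(assess(session) or "session meets the stated policy")
```

The handshake will fail outright, rather than silently downgrade, if the server offers only TLS 1.0 or 1.1 or presents a certificate that does not chain to a trusted root for that hostname; that failure is the desired outcome for a client that is meant to enforce the policy.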

AUDITING

GDPR Register has an audit trail functionality, which logs every user login and every user transaction, such as creating, modifying or deleting any record in the system.

RELIABILITY AND BACKUPS

In order to provide a highly reliable service, GDPR Register employs technologies such as AWS ELB load balancing across multiple application servers, scaled according to system load. GDPR Register uses AWS RDS as its database system, with regular automated backups kept in multiple AWS regions to prevent any data loss.

SECURE DEVELOPMENT STANDARDS

GDPR Register closely follows the OWASP Top 10 Most Critical Web Application Security Risks list to apply security-by-design principles; the list is located here:
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

SUBSCRIPTION BILLING

GDPR Register uses Chargebee (www.chargebee.com) as its subscription billing service provider for managing billing for GDPR Register customers. Chargebee is a PCI Data Security Standard (PCI DSS) Level 1 provider.

Please see the full overview of Chargebee's certifications and security controls here:
https://www.chargebee.com/security

VULNERABILITY SCANNING AND PATCHING

We periodically check for and apply patches to third-party software and services. As soon as vulnerabilities are discovered, the fixes are applied. We perform periodic vulnerability scanning using an authorized vulnerability scanning service.