ProData Consult Group obtains ISAE 3000 GDPR Assurance Report for 2020
ProData Consult Group renews its ISAE 3000 GDPR Assurance Report, confirming the compliance with the European legislative standards for the processing of personal data. Essentially the report serves as proof that ProData Consult complies with and adheres to the provisions of the General Data Protection Regulation (EU).
The handling of personal data is a vital task, and at ProData Consult the securing of client and consultant data continues to be of the highest priority:
"We are proud to have achieved the ISAE 3000 GDPR certification again for 2020, as it confirms our high-quality internal security controls. We are a company with a high growth rate, recently with acquisitions in Sweden and Norway, and maintaining the high quality benefits existing as well as new consultants and clients in all countries”, says Claus Flinck, Group CIO of ProData Consult.
Securing personal data is an integral part of ProData Consult’s processes. For more than 20 years, ProData Consult has focused on the proper and safe handling of all data flowing within the company. It is an essential condition that must be in place before any business activity:
“We have a considerable focus on the responsible processing of personal data. We ensure the rights of the data subject and have made security an integrated part of our processes. For instance, since 2007 we have had privacy conditions and consent forms on our website so that all data received from consultants only is processed within the agreed-upon and very narrow purposes, such as the provision of a job assignment”, Claus Flinck explains.
ISAE 3000 GDPR
ISAE 3000 GDPR is the international standard for assurance over non-financial information and is based on the European General Data Protection Regulation Act.
The law applies to any form of personal data processing, including: collection, registration, classification, storage, use, disclosure, coordination and deletion of data.
Companies are audited against the provisions of the General Data Protection Regulation. More specifically, a thorough inspection is performed of the company’s controls. The following methods are applied: interviews of selected personnel at the company regarding controls, observation of how controls are performed, review and evaluation of policies, procedures and documentation concerning the performance of controls, and finally, a retesting of procedures to verify that the control is working as assumed.