Most data privacy laws require organisations to ensure a high level of security for the personal data they collect in order to prevent unauthorised access to it. GDPR’s concept of “Privacy by design and by default” supports the idea that security should be a core part of an organisation from the beginning, not added afterwards.
The regulation suggests certain methods such as encryption, anonymization and pseudonymization, but also specifies that “the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk”.
The California Consumer Privacy Act (CCPA) also requires businesses to maintain “Reasonable Data Security and Privacy” regarding California consumers’ personal data. Encryption and deidentification are two of the methods suggested within the law. Under the CCPA, consumers whose personal data was kept non-encrypted and was subject to unauthorised access, disclosure or theft benefit from a private right of action.
Clym is built with security in mind, based on the “Security by design and by default” principle. Our infrastructure is secured through a layered defense-in-depth approach.
The value of personal data is increasing. This means that companies that store their customers’ data must implement increasingly sophisticated methods of protecting it, especially in the age of data privacy.
Clym encrypts all personally identifying information (PII), including IPs and browser data. We never share personal information unencrypted, in plain text, nor include it as such in the consent receipts that we generate.
Anonymisation is one of the measures recommended by recent data privacy laws and regulations for protecting personal data against unauthorised and malicious access. Clym creates anonymised user profiles for data subjects, which include all consents and data subject requests.
Data is as important to us as it is to you. We store and process information in data centers located inside and outside of the European Union and store backups on an internal non-publicly visible network on NAS/SAN servers.
To protect our customer accounts from credential-related risks, we provide passwordless authentication and authorisation through e-mail magic links. This means that you won’t have to remember yet another password.
Clym benefits from a full audit mechanism on user and system behaviour that helps us identify suspicious activity and malicious behaviour. We use this audit system for user consent actions and cookie management. Everything is cryptographically signed to prevent tampering and cannot be changed, creating an audit trail.
Clym uses Blockchain-like technologies through an audit system for both user consent actions and cookie management. Besides records of the actual consent, it contains records of how the consent was presented to the user. All of these are signed and cannot be changed.
We take reasonable precautions to ensure the protection of the data within our possession from loss, misuse and unauthorised access through policy-based access control, encryption and multi-factor authentication.
See you on the safe side