Databases, by nature, contain personally identifiable information (PII). For that reason, anyone who comes in contact with databases will fall under the GDPR’s definition of “data processor,” who is responsible for meeting the compliance requirements.
This policy outlines how Alex Cachia, web developer, addresses the issue of maintaining security and privacy in data processing.
Recital 39 of the GDPR states: "Personal data should be processed in a manner that ensures appropriate security and confidentiality of the personal data, including for preventing unauthorised access to or use of personal data and the equipment used for processing."
Only Alex Cachia, web developer, is authorised to make any changes to data, data structure, tables, and schemas under the direction of the client who owns the database or for routine maintenance and bug fixes. In the unlikely even that any unauthorised attempts are made to access the database, Alex Cachia, web developer, has put procedures in place to secure the information collected online.
Article 32 and Recital 83 of the GDPR addresses the issue of maintaining security and privacy in data processing.
As stated in (1.) outside of the clients who own the databases, only Alex Cachia, web developer, has access to the database in terms of testing and maintenance. Should that situation change in the future, encryption technologies will be implemented on a database level to ensure that any other developers and engineers working on the database can do so without compromising any individual’s privacy or breaching any articles of the GDPR.
Alex Cachia, web developer, keeps track of any maintenance activity on her clients databases and has a complete history of all the changes made. This is important in terms of security, accountability, and detecting the causes of errors.