Proper and ethical management of personal data for the Lega del Filo d'Oro
Hospitals, healthcare facilities or non-profit organizations continuously store and process personal data that may be extremely sensitive, while being necessary to provide the required care.
And it is not just about patient records - which today are often digital and therefore exposed to increasing risks of being compromised and stolen. All economic information, such as donations or payments for services received, should be considered to be equally sensitive.
There is therefore a social responsibility in the field of data processing for complex organizations such as non-profits (ONLUS), which requires data management to be secure, high-quality, legally compliant, and also proper and ethical.
The data collected must be protected in accordance with the regulations in force, but also kept available and fully intact. Hence the need to address highly relevant issues such as transparency and compliance, i.e. the ability to access information in full compliance with the law.
The collaboration with Axitea
Lega del Filo d'Oro is present in Italy through 5 Residential Centers and territorial services, 3 Territorial Centers and a New National Centre in Osimo (AN), inaugurated in December 2017, where 100 people are welcomed, assisted and rehabilitated through all kinds of activities, with the support of health workers and many volunteers who work every day with their families to improve the quality of life of children and adults.
Through its day-to-day activities, such as health services, educational activities, diagnostic centers and intensive treatments, Lega del Filo d'Oro collects a considerable amount of personal and sensitive data. The security factor is therefore essential, due to the sensitive nature of the information handled and the services provided within all the Lega del Filo d'Oro sites.
The collaboration with Axitea has been fundamental for defining and implementing an approach to data processing in line with the principles of social responsibility:
- Creation of a detailed remediation plan with specific improvement actions;
- Creation of a video system based on the Privacy & Security by Design principle.
Through its collaboration with Axitea, Lega del Filo d'Oro has ensured secure, quality, legally compliant, and proper and ethical data management, in line with the principles of social responsibility.
In addition, the entire Lega del Filo d'Oro headquarters area has been secured, thanks to a complex video surveillance system.
Starting with a documentary, organizational and process analysis, a detailed verification of the functional requirements already implemented to comply with the GDPR was carried out, in order to identify any limitations in the IT systems and procedures.
Axitea analyzed the projects and GDPR updates already started by the Lega del Filo d'Oro in several steps, covering:
- Risk management & protection;
- GDPR management model and procedures manual;
- Training & control.
Consulting & Security by Design
Step 1: Process/organization
During the process/organization phase, the scope of application of the GDPR regulations at the Lega was evaluated, especially in connection with: processes, ICT infrastructure, organization, product sector, type of business and "Privacy Sensitive" business activities and the resulting types of processing.
Step 2: Risk management & protection
For the Risk Management & Protection area, the risk libraries covering tampering, unauthorized access, theft, disclosure without consent and fraudulent use of personal data processed by the organization were assessed, together with the risk analysis and the Data Protection Impact Assessment (DPIA) of the processing on the rights and freedoms of the Data Subjects.
Step 3: GDPR management model and procedures manual
The third step concerned the analysis of the GDPR management model and procedures manual.
Basically, a model for monitoring and managing privacy issues was established, with defined roles, responsibilities and procedures, along with a log of the processing carried out by any corporate or external stakeholder.
Step 4: Training & Control
Following this, the Training & Control part was verified, including the acquisition of expertise, appropriate professional tools, the improvement process, training of the staff involved and awareness-building for all company stakeholders.
SECURITY BY DESIGN
In addition to analysis of the Privacy area, Axitea designed and installed an integrated video surveillance system fully compliant with GDPR regulations, to monitor a total area of 5.6 hectares - half of which is occupied by green areas - with entrance gates and numerous potentially critical points in terms of security risks.
The system is scalable and able to monitor entrances and exits, the perimeter, parking lots and other areas at risk, 24 hours a day, 365 days a year.
The cameras are equipped with many advanced features, such as the ability to zoom in and change the camera angle by moving the frame with preset tours, to allow for automatic continuous movement; if necessary, the cameras can also be panned and controlled manually by an authorized operator.
The entire video control system is managed by a single supervisor, through which one or more operators can view all the cameras in real time, manually control camera tilting, view the graphic map of the building complex with the exact location of the cameras, and receive reports of any video system faults, in full compliance with the provisions set forth by L.300/1970 and Leg. Decree no. 151/2015.
In order to protect the video surveillance system against unauthorized internal or external intrusions, in compliance with the Security by Design principle, suitable technologies have been adopted to provide specific features, such as encrypted communication with the cameras, digital signatures on video exports, disabling of double exports and two-factor authentication.
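The digital signature on video exports mentioned above is what lets a recipient (for example an investigator receiving a clip) detect that the footage was altered or relabelled after it left the recording station. The following is an added illustration, not code from Axitea or from the Lega del Filo d'Oro system: it assumes a hypothetical exporting station holding an Ed25519 private key, signs the SHA-256 digest of the clip bytes together with the clip name, and verifies the manifest on receipt. The clip bytes are a constructed placeholder, not real video.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// ExportManifest accompanies an exported clip: its name, the SHA-256 digest
// of the clip bytes, and an Ed25519 signature over (name, digest) made with
// the exporting station's private key (hypothetical station model).
type ExportManifest struct {
	ClipName  string
	Digest    [32]byte
	Signature []byte
}

// NewStationKey generates a fresh Ed25519 key pair for an exporting station.
// In a real deployment the private key would live in the station's key store;
// here it is generated in memory for illustration.
func NewStationKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// signedMessage binds the clip name to the digest. The name is length-prefixed
// so that different (name, digest) pairs cannot serialize to the same bytes.
func signedMessage(name string, digest [32]byte) []byte {
	msg := []byte(fmt.Sprintf("%d:%s:", len(name), name))
	return append(msg, digest[:]...)
}

// SignExport hashes the clip and signs the digest together with the clip name,
// so that both content changes and renames invalidate the signature.
func SignExport(priv ed25519.PrivateKey, name string, clip []byte) ExportManifest {
	digest := sha256.Sum256(clip)
	return ExportManifest{
		ClipName:  name,
		Digest:    digest,
		Signature: ed25519.Sign(priv, signedMessage(name, digest)),
	}
}

// VerifyExport recomputes the digest from the clip bytes actually received and
// checks the manifest signature against the station's public key. It returns
// false if the clip was modified, renamed, or signed by another key.
func VerifyExport(pub ed25519.PublicKey, m ExportManifest, clip []byte) bool {
	digest := sha256.Sum256(clip)
	if digest != m.Digest {
		return false
	}
	return ed25519.Verify(pub, signedMessage(m.ClipName, digest), m.Signature)
}

func main() {
	pub, priv, err := NewStationKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample clip bytes; a real export would be the video file.
	clip := []byte("constructed sample: not real video data")
	m := SignExport(priv, "gate-1_export.mp4", clip)
	fmt.Println("original verifies:", VerifyExport(pub, m, clip))

	tampered := append([]byte{}, clip...)
	tampered[0] ^= 0xFF
	fmt.Println("tampered verifies:", VerifyExport(pub, m, tampered))
}
```

Verification only needs the station's public key, so the party receiving the clip never handles the signing secret; the private key stays with the export function and, in practice, behind the two-factor-authenticated operator access the text describes.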