SECURING DATA, ENSURING TRUST
GDPR & PCI DSS COMPLIANCE
SETTING THE STANDARD FOR DATA PROTECTION AND PCI COMPLIANCE.
Reliable, Compliant, Secure: Trust our Standards.
Compliance Excellence in Every Transaction
NABEYOND LTD, TRADING AS CARTDNA
ENHANCING SECURITY, EMBRACING COMPLIANCE.
For Nabeyond Ltd, trading as CartDNA, adherence to the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS) is critical to safeguarding data privacy and security and to fostering trust with customers. Below is a comprehensive list of general principles and practices Nabeyond Ltd, through its CartDNA platform, should follow under both the GDPR and PCI DSS frameworks:
GDPR Compliance for Nabeyond Ltd (CartDNA):
Data Protection by Design and Default:
Integrate data protection measures into the development and operation of CartDNA services from the outset.
Lawful Processing of Data:
Ensure that all personal data collected and processed through the CartDNA platform is done lawfully, transparently, and for specified, explicit purposes.
Accuracy of Data:
Maintain the accuracy of personal data and allow for its updating or correction.
Storage Limitation:
Retain personal data in a form that permits identification of data subjects for no longer than necessary.
Integrity and Confidentiality:
Secure personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage using appropriate technical or organisational measures.
Rights of Data Subjects:
Facilitate the exercise of data subjects’ rights, including access, rectification, erasure, restriction of processing, data portability, and objection.
Data Breach Notification:
Implement procedures to detect, report, and investigate personal data breaches and notify the relevant authorities and affected individuals promptly when such breaches occur.
PCI DSS Compliance for Nabeyond Ltd (CartDNA):
Secure Network and Systems:
Establish and maintain a secure network environment to protect cardholder data processed or stored by the CartDNA platform.
Protect Cardholder Data:
Implement data protection strategies for the storage and transmission of cardholder data, including encryption techniques.
Vulnerability Management:
Deploy anti-virus solutions and develop secure systems and applications to protect against malware and other cyber threats.
Access Control Measures:
Restrict access to cardholder data on a need-to-know basis, assign unique IDs to users, and control physical access to data processing facilities.
Monitoring and Testing:
Monitor access to network resources and cardholder data, and regularly test security systems and processes.
Information Security Policy:
Develop and disseminate an information security policy among all employees and contractors involved with CartDNA operations.
General Compliance Practices:
Employee Training:
Conduct regular training sessions for employees on data protection laws, PCI DSS requirements, and security best practices.
Data Protection Impact Assessments (DPIAs):
Perform DPIAs for processing activities that pose a high risk to the rights and freedoms of individuals.
Vendor Management:
Ensure that all third-party vendors and service providers comply with GDPR and PCI DSS standards as part of their engagement with Nabeyond Ltd.
Documentation:
Maintain comprehensive documentation of data processing activities, security policies, and compliance efforts.
Nabeyond Ltd, through its operation of CartDNA, is committed to upholding the highest standards of data protection and security, ensuring compliance with GDPR and PCI DSS to protect customer data and maintain trust.