Comprehensive Compliance Framework
Below is a comprehensive list of general principles and practices Nabeyond Ltd, through its CartDNA platform, follows under both GDPR and PCI DSS frameworks to ensure the highest standards of data protection and security.
GDPR Compliance for Nabeyond Ltd (CartDNA)
Comprehensive data protection measures in accordance with European Union regulations
Data Protection by Design and Default
Integrate data protection measures into the development and operation of CartDNA services from the outset.
Lawful Processing of Data
Ensure that all personal data collected and processed through the CartDNA platform is done lawfully, transparently, and for specified, explicit purposes.
Accuracy of Data
Maintain the accuracy of personal data and allow for its updating or correction.
Storage Limitation
Retain personal data in a form that permits identification of data subjects for no longer than necessary.
Integrity and Confidentiality
Secure personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage using appropriate technical or organisational measures.
Rights of Data Subjects
Facilitate the exercise of data subjects' rights, including access, rectification, erasure, restriction of processing, data portability, and objection.
Data Breach Notification
Implement procedures to detect, report, and investigate personal data breaches and notify the relevant authorities and affected individuals promptly when such breaches occur.
PCI DSS Compliance for Nabeyond Ltd (CartDNA)
Payment Card Industry Data Security Standard adherence for secure payment processing
Secure Network and Systems
Establish and maintain a secure network environment to protect cardholder data processed or stored by the CartDNA platform.
Protect Cardholder Data
Implement data protection strategies for the storage and transmission of cardholder data, including encryption techniques.
Vulnerability Management
Deploy anti-virus solutions and develop secure systems and applications to protect against malware and other cyber threats.
Access Control Measures
Restrict access to cardholder data on a need-to-know basis, assign unique IDs to users, and control physical access to data processing facilities.
Monitoring and Testing
Monitor access to network resources and cardholder data, and regularly test security systems and processes.
Information Security Policy
Develop and disseminate an information security policy among all employees and contractors involved with CartDNA operations.
General Compliance Practices
Employee Training
Conduct regular training sessions for employees on data protection laws, PCI DSS requirements, and security best practices.
Data Protection Impact Assessments (DPIAs)
Perform DPIAs for processing activities that pose a high risk to the rights and freedoms of individuals.
Vendor Management
Ensure that all third-party vendors and service providers comply with GDPR and PCI DSS standards as part of their engagement with Nabeyond Ltd.
Documentation
Maintain comprehensive documentation of data processing activities, security policies, and compliance efforts.
Our Commitment to Excellence
Nabeyond Ltd, through its operation of CartDNA, is committed to upholding the highest standards of data protection and security, ensuring compliance with GDPR and PCI DSS to protect customer data and maintain trust.
Compliance Questions?
Our compliance team is available to answer any questions about our GDPR and PCI DSS adherence and security practices.