The GDPR and CogniPlus
The requirements of the GDPR concerning the security of personal data are taken into account in CogniPlus as follows:
Security of processing
- SCHUHFRIED encrypts personal data.
All personal data in CogniPlus is stored in a proprietary database. The database is encrypted individually for each system; it uses binary files and thus cannot be read from outside the program. Access to CogniPlus can be secured by means of passwords; in addition, four security levels enable user rights to be restricted. An individual’s data and training results can of course – as required by the GDPR – be deleted at any time.
- SCHUHFRIED ensures the long-term confidentiality, integrity, availability and resilience of its systems and services in connection with data processing.
- Communication between the CogniPlus components (training programs and administration software) uses an encrypted binary format and is therefore secure. In terms of confidentiality, integrity and authorization, this communication method is state-of-the-art.
- All relevant personal data is stored in a database in pseudonymized form. Without the administration software and the appropriate dongle the data cannot be read in text form.
- Availability and resilience are determined by the system requirements (computer or server configuration). This configuration may need to be adapted to meet the user’s needs (e.g. better CPUs, more memory, etc.).
- SCHUHFRIED has processes in place to ensure that the effectiveness of its technical and organizational measures for ensuring the security of data processing are regularly reviewed, assessed and evaluated.
As part of our certified QM system, SCHUHFRIED’s software development process uses the SCRUM system. SCRUM is an agile and iterative development process in which users are involved from a very early stage.
The high quality of the product is achieved through extensive manual testing by experienced test personnel.
Data-protection-friendly default settings
SCHUHFRIED has taken steps to minimize collection of data in CogniPlus. By requiring entry only of the personal data (such as name, date of birth and gender) that is needed to link the individual to his/her training results and ensure proper evaluation, SCHUHFRIED reduces data to the bare essentials. All other data is entered at the discretion of the user. Personal data is not automatically displayed when CogniPlus is launched.