GDPR questions and answers

Category: IT Security

How should security measures be described when there is no jurisdiction over the hardware used by developers?

ANSWER

If the client supplies its own laptops and the organisation has no control over them, it is advisable to define minimum security standards and require adherence to them, such as up-to-date software, full-disk encryption, and antivirus protection. Key measures include implementing conditional access (e.g. VPN plus MFA) and limiting local data storage; cloud or virtual environments may be a suitable solution here. In addition, monitoring user access and activity enables rapid detection of anomalies and potential threats. Compliance with these elements, as well as the monitoring of that compliance, should be the subject of a risk analysis.

IT risk management when working on client hardware | ODO 24