Data Loss Prevention (DLP) Policy

Menelabs O.E.

Purpose

The purpose of this Data Loss Prevention (DLP) Policy is to establish guidelines and procedures to protect the sensitive data of our customers and their customers. The policy aims to prevent unauthorized access, accidental disclosure, and data breaches.

Scope

This policy applies to all employees, contractors, and third-party vendors who have access to or handle sensitive data within Menelabs O.E.

Data Classification

Data within Menelabs O.E. will be classified into the following categories:

  • Public: Non-sensitive data intended for public consumption.
  • Internal Use Only: Data restricted to internal company use.
  • Confidential: Sensitive data, specifically customer information, including personal details such as addresses, names, telephone numbers, and email addresses.

Storage and Encryption

Sensitive data will be stored in Azure Storage Blobs, utilizing encryption at rest and in transit. Access to the Azure Storage Blobs will be limited to authorized personnel only.

Access Controls

Access to sensitive data will be strictly controlled through the use of strong passwords and two-factor authentication (2FA). Only authorized users will be granted access to the data, based on their roles and responsibilities within the organization.

Monitoring and Logging

Menelabs O.E. will implement monitoring and logging mechanisms to track access to sensitive data. This includes monitoring application access, login attempts to the company's admin backend, and exceptions within the application. Logging information will be retained for auditing and incident response purposes.

Incident Response

Menelabs O.E. has an incident response plan in place to address data breaches or incidents involving sensitive data. The plan includes steps for identifying, containing, mitigating, and notifying relevant parties in the event of a security incident.

Compliance with GDPR

Menelabs O.E. will comply with the General Data Protection Regulation (GDPR) requirements for handling and processing customer data. This includes obtaining appropriate consent, providing data subject rights, and ensuring data security and privacy.

Training and Awareness

Menelabs O.E. will provide regular training and awareness programs to employees and contractors regarding data protection, privacy, and the importance of complying with this DLP policy.

Review and Updates

This DLP policy will be reviewed periodically and updated as necessary to reflect changes in technology, regulatory requirements, or business operations.

By implementing and adhering to this Data Loss Prevention (DLP) Policy, Menelabs O.E. aims to safeguard the sensitive data of its customers and maintain a high level of data security and privacy.