Personal data protection

CESNET users’ personal data are treated legally and with due care in compliance with personal data protection regulations. The same principles apply in respect of the user data stored with us.

The priority is to ensure data confidentiality, availability and integrity, i.e. prevent any unauthorised access to data, their unauthorised leak, disclosure or other unauthorised processing while ensuring their high availability.

The core of security measures applied in the CESNET e-infrastructure consists in cutting-edge devices, highly qualified and ethical staff, customised physical protection, and a number of further organisational measures. We are aware that the softest spot of security is the human factor; accordingly we put great emphasis on continuous training of employees and raise their awareness of fundamental principles of security and privacy protection.

Technical measures

  • Personal data are kept in a safe environment, only accessible by Association’s employees.
  • Encryption and encrypted protocols are used to process personal data (i.e. in accessing them or in their transmission).
  • Before accessing or altering own personal data, the users (data subjects) must verify their identity by providing individual login data.
  • In order to ensure data availability, confidentiality and integrity, strict rules in respect of the backup of user personal data backup (and data in general) have been defined.
  • The traffic is being monitored meticulously and systematically, thus allowing that any operation and security issued are addressed timely and efficiently and their impact is mitigated.
  • The operated systems are being tested continuously to identify any vulnerability and other soft spots in their protection.

Organisational measures

  • The minimisation principle in respect of granting privileged access rights is adhered by.
  • Strict measures in respect of user identity administration, authentication and authorisation are applied.
  • All Association’s employees adhere by confidentiality and secure data treatment principles.
  • A number of workshops focusing on security is held, available (some of them even compulsory) to all employees.
  • Personal data protection commissioner has been appointed, acting also as privacy protection consultant.
  • Procedures for maintain processing logs and risk assessment have been introduced.
  • Data processing agreements have been concluded with sub-contractors commissioned to process the data by the Association.

Physical measures

  • The Association’s premises, including special work places (laboratories, computer halls, etc.), are protected by means of access management and CCTV systems.
  • The fundamental features of the communication infrastructure and services have sufficient performance and redundancy, thus ensuring smooth operation.

Last change: 23.7.2018