How does Holm Security ensure GDPR-compliant management of personal data and internal controls?

Holm Security has implemented and maintains a structured management system and internal control framework governing the processing of personal data. This framework is aligned with GDPR requirements and industry best practices. In addition, Holm Security is certified according to ISO/IEC 27001:2022, which provides a robust, risk-based approach to information security management, including controls relevant to the protection of personal data. The internal control system is regularly reviewed, audited, and updated to ensure continuous compliance and improvement.

Where required under Article 37 of the GDPR, the supplier has appointed a Data Protection Officer (DPO). The DPO is responsible for overseeing data protection compliance, advising the organization on its obligations, and acting as a point of contact for supervisory authorities and data subjects.

Upon request, Holm Security is able to provide clear and comprehensive documentation covering:
  • The organization, management, and control of data protection within its operations and supply chain, including clearly defined roles and responsibilities;
  • The processing of personal data within the services, including systems used, data flows, and the involvement of sub-processors, as well as the purpose and legal basis for such processing; and
  • The allocation of roles and responsibilities under applicable data protection legislation, including between the customer, the supplier, and any authorized sub-processors.

This approach ensures transparency, accountability, and full alignment with GDPR requirements.