Data Protection and Privacy Plan

This Data Protection and Privacy Plan establishes a structured framework to safeguard personal, financial, and operational data in compliance with the Digital Operational Resilience Act (DORA), General Data Protection Regulation (GDPR), and other applicable regulations. This plan ensures the confidentiality, integrity, and availability of data while supporting operational resilience.

• Data Inventory and Classification: Maintains an up-to-date inventory of data assets categorized by sensitivity and access requirements.
• Data Security Measures: Implements encryption, data masking, and regular backups to protect sensitive data at all stages.
• Access Controls: Enforces role-based access and multi-factor authentication (MFA) to restrict unauthorized data access.
• Privacy Compliance: Addresses GDPR data subject rights and establishes procedures for handling Data Subject Access Requests (DSARs).
• Incident Management: Integrates breach detection, response, and notification protocols into the Incident Response Plan (IRP).

This plan supports compliance with data protection regulations, enhances organizational resilience, and protects sensitive information against potential threats.