The challenge
At Plusboekhouden, every employee had access to all financial data. There was no role-based access control (RBAC) and therefore no separation between roles or client files. This was a direct GDPR risk (Article 32) and made the impact of any potential breach unnecessarily large.
Our approach
Korur designed and implemented a granular RBAC structure in which each employee can access only the data needed for their role. We then performed a GDPR Article 32 audit, set up automatic access logs and ensured a complete audit trail.
The result
Fully GDPR-compliant. Automatic access logs make it transparent who has viewed which data. A potential GDPR fine has been prevented and the organisation now has a mature access-control baseline.
Technologies
RBAC, GDPR Art. 32, Access Logs, Audit Trail