Data protection is a widely discussed societal issue that is becoming increasingly important as digitalisation advances. The EU General Data Protection Regulation (GDPR), which regulates the careful handling of personal data, has been in force since 2018.

Preventive measures

Our company takes numerous preventive measures to ensure data protection for customers, employees and other stakeholders:

• Two in-house data protection coordinators (from the IT and legal departments) and an external data protection officer
   
• Customer and production orders are always separate; Non-disclosure agreements apply
   
• It goes without saying that all security-relevant and personal data is processed at EVVA in compliance with the GDPR
   
• The "Data protection statement for EVVA employees" informs all employees about their data protection rights, but also about their obligations to protect their own rights and the rights of third parties
   
• The applicant management system used ensures that the data of all applicants is used at EVVA in accordance with the guidelines  

• Our AirKey electronic access system fulfilled these requirements long before 2018, when the GDPR only became legally effective. AirKey is particularly interesting for customers who want to control their access via smartphone and do not want to have or set up their own IT infrastructure. The credential data is processed in an ISO27001-certified data centre. EVVA encryption processes (double encryption via ECDSA and AES) are among the most secure in the world 


• Data is stored anonymously and multiple times failsafe in different server rooms in the data centre with the high legal security standards. This protects the digital keys much better than would be possible with a single individual protection measure
   
• Secure data transport between the Internet browser and the EVVA server centre takes place via a protected https connection - as secure as online banking
   
• Additional certified secure elements (= highly secure storage elements that actively encrypt and decrypt) are located in the locking components and identification media
   
• Block hazards early. EVVA uses an AI program that checks which servers it forwards links to in which countries when a website is accessed. And whether it poses a danger. This determines whether this website may be accessed or not. This category also includes the enhanced anti-spam protection for emails installed at EVVA. The tool checks where the links in the emails forward to. Will I be redirected to an unsafe page here? This extra spam protection has proven to stop phishing emails
   

Challenges

Just as conventional burglars constantly challenge tried-and-tested security solutions and leading manufacturers such as EVVA are therefore constantly developing innovative access systems, every company must also prepare for the rapidly increasing cybercrime.

• In recent years, the risk of cybercriminals introducing potentially dangerous viruses/Trojans into companies has increased. EVVA has also already made these attempts (e.g. by disguising them as invoices), but they could all be prevented. EVVA IT has implemented corresponding protection mechanisms. It also continuously informs employees about criminal cybercrime methods and explains how to identify suspicious e-mails, for example
   
• A uniform IT infrastructure is created at all locations in order to avoid interface-intensive individual solutions. There are also fixed update/upgrade cycles for the security-relevant systems and firewalls
   
• EVVA has implemented a security system to further minimise the risk of cyber attacks. A protective screen controls Internet communication before data is loaded onto the network. An AI checks all links and behaviour. Is this a phishing site? Is existing malware attempting to communicate with a home server? This and much more is constantly being reviewed