Security, Privacy by Design & Architecture
27 May 2026
- What technical and organisational measures (TOMs) enforce Privacy by Design?
- Is the platform aligned with recognised security frameworks like ISO 27001?
Aspects of GSE cybersecurity and architecture that are relevant to GDPR compliance.
What technical and organisational measures (TOMs) enforce Privacy by Design?
The platform architecture incorporates Data Protection by Design and by Default. Technical controls include:
- Infrastructure Security: Secure cloud deployment utilising strict perimeter controls.
- Access Control: Role-Based Access Control (RBAC) to ensure that only authorised investigators can query data.
- Encryption Protocols: Dual-layer encryption covering all personal data both in transit and at rest.
Is the platform aligned with recognised security frameworks like ISO 27001?
Yes. The platform's security posture integrates international standards, ensuring that data protection strategies map directly to ISO/IEC 27001 (Information Security Management) frameworks. This alignment guarantees independent validation of continuous risk assessments, vulnerability management, threat monitoring, and structured incident response procedures.