Data Comply One (formerly Mission RGPD) is committed to all areas that contribute to the security of your data: employees, physical security, access to data, hosting and networks, logs, availability, audits.
Access to your account is secured by several protection mechanisms and we will scrupulously protect your data. Your data is encrypted in transit as well as at rest in our databases.
Data Comply One (formerly Mission RGPD) guarantees the protection of your documents against any modification, thanks to strict control of your data and a regular backup policy.
Your data is replicated in real time across 3 separate data centers in France, with automatic failover from one to another within a few seconds in the event of an incident.
Sovereign and certified hosting in France
Our platform is based on the Visiativ cloud, hosted in Free Pro data centers located exclusively in France and certified ISO 27001 and HDS (Health Data Hosting). These infrastructures benefit from network and electrical redundancy (2N), fire detection systems meeting APSAD R13 & VESDA standards, and an availability commitment of 99.982%. The data centers are more than 300 km apart, to guarantee geographically robust disaster recovery and business continuity plans (PRA/PCA).
Technical, physical and organizational security
- Documented information security policy, validated by Visiativ's DSSI
- Regular penetration tests conducted by external experts
- Dedicated cybersecurity team (DSSI/RSSI) at Visiativ + technical management at Data Comply One (formerly Mission RGPD)
- IT charter, administrator charter, developer charter
- DevSecOps organization: security integrated continuously into development cycles
- 6 physical access control points in data centers
- 24/7 video surveillance with trained and authorized SSIAP agents
- Continuous monitoring of access to the Data Comply One (formerly Mission RGPD) premises
- Direct monitoring of visitors and archiving of access logs
Confidentiality, Integrity and Availability of data
- Encryption of data at rest and in transit (TLS/SSL, HSTS, Perfect Forward Secrecy)
- Strong authentication (email + password + optional 2FA)
- Password hashing using SHA-1, SHA-256, or bcrypt hash functions
- Sensitive data exchanged only via secure tools or encrypted media validated by the IT department
- Short-lived certificates (90 days) automatically renewed
- Strict control of access to source code and production environments
- Complete logging of access and actions in systems (audit logs replicated in 3 data centers)
- Log retention: 1 year, secure access (VPN, 2FA)
- Documented incident response, analysis, closure and prevention procedures
- In the event of an incident, immediate notification to the customer and traceability ensured
- Replication of databases in real time on 3 separate sites
- Encrypted backups every hour, retention over 12 rolling months
- Daily testing of restoration processes
- Immutable backups stored on multi-site object storage
- Automatic scaling of resources (CPU, RAM, disks)
Compliance, Governance and Continuity
- GDPR compliant platform, regular internal audits
- Designated DPO: dpo@www.datacomplyone.com
- Privacy Policy
- Exercise of data subjects' rights
- Mapping of processing activities, confidentiality policy, data protection charter
- Permanent monitoring of regulatory developments (GDPR, NIS2, e-Privacy, DORA, AI Act...)
- Integrated disaster recovery and business continuity plans (PRA/PCA): automatic failover in the event of an incident
- Total reversibility in the event of a break: data exportable in open formats (CSV, Excel)
- Contractual commitment to complete and secure restitution of data at the end of the contract