DPIA

We take a proactive approach to privacy and data protection. As part of our commitment to the General Data Protection Regulation (GDPR), we have conducted a Data Protection Impact Assessment (DPIA) to evaluate and minimize the privacy risks associated with our data processing activities.

A DPIA is a legal requirement under the GDPR when data processing is likely to result in a high risk to the rights and freedoms of individuals. It helps us ensure that our services, systems, and internal processes respect privacy by design and by default.

Our Approach to DPIA

Our DPIA was conducted in accordance with the core requirements set out under the GDPR:

  • Purpose & Description of Processing: We described all personal data processed by X-Guard, the purposes for which we use it, and the justification for doing so.
  • Necessity & Proportionality Assessment: We evaluated whether the use of personal data is necessary to achieve our service objectives and whether any privacy intrusion is proportional to that goal.
  • Risk Identification: We identified and assessed potential privacy risks to data subjects — including unauthorized access, misuse, and data leaks.
  • Risk Mitigation Measures: We determined and documented technical and organizational measures to reduce or eliminate those risks, including encryption, access controls, and data minimization.
  • Compliance Measures: We outlined specific GDPR compliance actions, including lawful basis for processing, data subject rights facilitation, and processor contracts.

Data Documentation & Subprocessors

As part of our DPIA, we maintain a detailed record of all:

  • Subprocessors and service providers,
  • Source systems and internal tooling,
  • Types of data collected and stored,
  • Legal basis for processing,
  • Access permissions, and
  • Data protection safeguards (e.g., encryption, backup policies, monitoring).

Our subprocessor list is publicly available, and we are fully transparent about what types of personal data are processed through each subprocessor-bound system. This helps ensure accountability and clarity for customers, partners, and regulators alike.