Summary:
This article explains how BrynQ supports GDPR-related controls such as logging, data location, incident notification, and data deletion.
BrynQ data protection overview
BrynQ is designed to help you protect personal data and meet legal duties. Salure’s ISO 27001-certified management system defines measures for logging, access, backup, encryption, and incident handling that also apply to BrynQ.
Audit logging and traceability
BrynQ keeps audit logs of master data changes and shows what changed, who made the change, and when.
API transactions and other important interactions are also logged and can be traced.
Salure offers an extensive audit trail for its applications; customers can review this themselves. Logs cannot be removed and are regularly reviewed.
There are controls for event logging, log protection, and administrator logs.
Data location and storage in the EU
Data processed by BrynQ is hosted in professional data centers in the Netherlands.
By default, data is stored within the European Union, unless you agree on a different location with Salure.
Salure’s ISO 27001 scope includes the development and delivery of software and Business Intelligence services in the Netherlands, including BrynQ.
Incident notification and reporting
Customers are informed “without undue delay” when a security incident affects their data.
There are controls for reporting information security incidents and weaknesses, assessing incidents, and learning from them, with clear responsibilities and procedures.
These processes ensure a structured response to data breaches and other serious issues.
Data retrieval and destruction at contract end
There are documented procedures for data retrieval if the cooperation ends.
There are also procedures for secure data destruction, based on ISO 27001 guidance.
In the BrynQ architecture, customer data is stored in separate containers and on persistent storage; the retention period is agreed with the customer, or data is not stored at all.
Controls for return of assets, disposal of media, and protection of records support this approach.
Backups and data availability
Database backups are made every 15 minutes and kept for a long period, with extra monthly copies.
Backups for the BrynQ app are made several times per day; the RPO is effectively immediate, and the RTO is one working day.
These measures help keep personal data available and restorable when needed.
Procedure:
For a GDPR or privacy assessment, list the topics you need to check: logging, location, backups, incident handling, and exit procedures.
Use the “Audit logging and traceability” section to describe how BrynQ records changes and interactions.
Use the “Data location and storage in the EU” section to answer questions about where data is stored.
Use the “Incident notification and reporting” section to explain how Salure informs you about security incidents and how they are handled.
Use “Data retrieval and destruction at contract end” when you create an exit plan and align it with your own policies.
Add information from “Backups and data availability” to your internal documents so risk and continuity teams know BrynQ’s RPO and RTO values.
Additional Information:
Many of these practices relate to ISO 27001 measures for asset management, access control, operations security, communications security, and incident management.
You can support internal auditors with a copy of Salure’s ISO 27001 certificate and Statement of Applicability.