GDPR Assessment
- GDPR (General Data Protection Regulation) includes mandates,
repeals, exceptions and responsibilities for all organizations to
ensure that the personal data of EU residents is protected. The core
of the GDPR is to strengthen and unify data protection for
individuals within the EU and to address the export of personal
data outside the European Union (EU); in other words, it protects
against the misuse of personally identifiable information (PII) of
EU citizens of any kind.
- The regulation requires a programmatic approach to data
protection, and a defensible compliance programme will be
required to prove that you are acting appropriately. As part of
these efforts, organizations need to consider the following
important points.
- Data footprint in the EU (e.g. data about employees, consumers
and clients)
- Preparedness to provide evidence of GDPR compliance to EU or US
privacy regulators
- Visibility of and control over the personal data we collect, use
and share.
- Privacy by design and privacy impact and risk assessments.
- Data breach notification and security
- Have we defined a roadmap for GDPR compliance?
- Cross-border data transfer strategy
iSmart Solulab LLP Compliance with GDPR
Here is a high-level overview of what we have done in order to
be GDPR compliant.
- We have raised awareness across the organization about the
importance of information security and the high standards set by
GDPR.
- A Data Protection Officer (DPO) has been appointed as per GDPR
mandate.
- Our application can manage consent from data subjects, which
enables them to exercise their rights over their PII.
- A roadmap has been prepared detailing the categories of
personal data processed by our company, who has access to which data
and for what purpose, in order to fulfill privacy-by-design measures.
It comprehensively covers all our processes and procedures.
- All contracts with sub-processors (third-party service providers,
partners) have been amended to satisfy GDPR requirements. All your
data is encrypted and stored in world-class data centers managed by
Amazon Web Services (AWS). We also use many services provided by AWS
to ensure that data is frequently backed up and available.
- In the case of a personal data breach, Customers will be notified
of a breach within 72 hours after the company becomes aware of it.
- Data protection impact assessments (DPIAs) have been streamlined
for all applications processing large volumes of PII.
This information helps you understand how we have addressed some
important GDPR requirements that we are legally obliged to comply
with under EU law.
If you have any queries, you may contact us at [email protected]