- GDPR (General Data Protection Regulation) includes mandates, repeals, exceptions and responsibilities for all organizations to ensure that the personal data of EU residents is protected. The core of the GDPR is to strengthen and unify data protection for individuals within the EU and to regulate the export of personal data outside the European Union (EU), which means it protects against the misuse of any kind of personally identifiable information (PII) belonging to EU citizens.
- The regulation requires a programmatic approach to data protection, and a defensible compliance programme will be required to prove that you are acting appropriately. As part of these efforts, organizations need to consider the following important points:
- Data footprint in the EU (e.g. data about employees, consumers and clients)
- Preparedness to provide evidence of GDPR compliance to EU or US privacy regulators
- Visibility of and control over the personal data we collect, use and share.
- Privacy by design and privacy impact and risk assessments.
- Data breach notification and security
- Have we defined a roadmap for GDPR compliance?
- Cross-border data transfer strategy
iSmart Solulab LLP Compliance with GDPR
Here is a high-level overview of what we have done in order to be GDPR compliant.
- We have raised awareness across the organization about the importance of information security and the high standards set by GDPR.
- A Data Protection Officer (DPO) has been appointed as per the GDPR mandate.
- Our application is enabled to manage consent from data subjects, which allows them to exercise their rights over their PII.
- A roadmap has been prepared detailing the categories of personal data processed by our company, who has access to which data, and for what purpose, in order to fulfil privacy-by-design measures. It comprehensively covers all our processes and procedures.
- All contracts with sub-processors (third-party service providers, partners) have been amended to satisfy GDPR requirements. All your data is encrypted and stored in world-class data centres managed by Amazon Web Services (AWS). We also use many AWS services to ensure that data is frequently backed up and available.
- In the case of a personal data breach, customers will be notified within 72 hours after the company becomes aware of it.
- Data protection impact assessments (DPIAs) have been streamlined for all applications processing large volumes of PII.
This information helps you understand how we have addressed some of the important GDPR requirements that we are legally obliged to comply with under EU law.
If you have any queries, you may contact us at [email protected]