GDPR- What we doing about it..
We always made our user's right to data privacy and protection. we have made our commitment to this by consistently exceeding industry standards. Beyond what is required to the functional of our products we have no need to collect and process user's personal information. We have a privacy conscious culture here and G.D.P.R is an opportunity to strengthen this.
What is G.D.P.R?
It is a data protection law and E.U wide privacy that regulates how E.U residents data is protected by companies and E.U resident have over their personal data. It is relevant to any operating company and not just the E.U based resident and E.U business. Our customer data is very important irrespective of the location that is why we have implemented G.D.P.R controls as our baseline standards for all operations worldwide. G.D.P.R has taken effect from 25th May 2018.
What is personal data?
Any data that relates to an identifiable individual. It covers a broad spectrum of information, to identify a person, personal data extends beyond a person's name or email address. Some examples include financial information, political opinions, generic data, biometric data, IP addresses, physical addresses and ethnicity.
How G.D.P.R is prepared?
We have acted on many fronts to adhere this new regulation.
- We have raised awareness across the organization through trained employers to handle data appropriately and by frequent discussions. They now understand the importance of information security and high standard set by G.D.P.R.
- We have accessed all our products individually against the requirements of the G.D.P.R also we are implemented new features that helps the ease of burden and achieving G.D.P.R compliance.
- We have constituted an Information Asset Register(IAR) , which includes information such as data controller and processor. The details on various organization and which department is getting access to which data and for what purpose. It has a comprehensive coverage of all our process and procedures.
- We have accessed our third party service providers and partners that streamlined the contact process with them to ensure that they have addressed the pressing needs of current security.
- The concept of privacy by design and have provided by you give more control over the data you stored in our system is done with our application team. These provisions may varies based on product characterized and domain. We provide consistent endeavor, to provide you with more enhancements we shall be rolled out in phases.
- We conducted(D.P.I.A) Data Protection Impact Assessments based on the results we have put in place to control the data processing and management.
- The internal audits are conducted to our products process operations and management. The findings were communicated to our teams who have worked out the identified problems and solutions.
- We have improved our data security methods and processes based on the D.P.I.A.s and internal audits. This includes the encrypting data at rest based on the level of sensitivity and livelihood of risks. We have developed our households for discovery of data.
- The databases are cleaned to ensure that we have only the latest and most accurate information. We are removing terminated account as per our "Terms of Services".
- The breach notification will be done according to our internal privacy Incident Response Policy. Customers will be notified with in 72hours. For general incidents we will notify users through our blogs ,forums and social media. We will notify the concerned party through emails about the incidents prefer to the individual user or organization.