The General Data Protection Regulation (GDPR for short) is the new EU directive for data protection and privacy. GDPR is rather complex, and there are still parts that may seem unclear.
At Kalpavruksh, we have the skills and knowledge to guide our customers through the process of ensuring that our cooperation complies with GDPR.
Storing sensitive data
Our processes guarantee sufficient security for data which is personal and potentially sensitive.
We have processes in place for how to receive personal data, for how to handle and store the personal data – and perhaps most importantly, how we remove data and under which circumstances we should do so.
The agreements (for example personal data processing agreements) that we sign with our clients have been professionally developed and follow the regulations of Datatilsynet (Danish Data Protection Agency) and GDPR in the management of personal data. The agreements comply with GDPR.
Before we start a cooperation, we do a thorough assessment of which data we may potentially work with, which data is personal and sensitive, and which data is not.
If we are to work with sensitive data, we give recommendations for how to set up our process to minimize security risks. Then we set up the process with the client, giving the client full insight into how we manage the data.
Rules on data transfers outside the EU
When data is transferred to countries outside the EU, stricter regulations apply. Whenever possible, we set up a working procedure that allows us to work in the client’s environment through secure access points. In 90% of the cases we do not need to handle personal data at our own sites, neither in Denmark nor at our delivery center in India. But in those projects where managing data outside of the EU is necessary, we have the processes and the agreements in place to ensure GDPR compliance.
Security in our delivery center
In our preparations for GDPR we have heightened the security at our big delivery center in Navi Mumbai, India. We already have biometric identification in place for accessing the office and have developed new policies for staff using their own devices at the office. We still allow BYOD (bring your own device), but we have updated our policies and introduced a stricter process for controlling when data is brought outside of the office. We save log history and have routines in place for what to do if a data breach does happen. We have also gone over the routines for keeping our IT equipment safe.
Compliance with GDPR requires that the whole organization receives training in what GDPR and the regulations of Datatilsynet signify, and understands the importance of abiding by the processes and rules in place.
We continuously train our staff in GDPR compliance, in Denmark as well as in India.
We audit our policies, processes and systems regularly: every quarter, six months and annually. In our audits we go through the processes and explore what improvements can be made.
GDPR compliance is not a one-shot project, but a continuous process. Kalpavruksh continues to keep up to date with the development of the data protection regulation, to ensure that we, and our client projects, comply with current legislation.