GDPR: How is Ugam ensuring compliance
On 25 May 2018, the most significant piece of the European Union's data protection legislation, the General Data Protection Regulation (GDPR), came into force. GDPR is designed to protect the personal data of individuals and facilitate the exchange of information for businesses that operate in the European Union.
A global leader in data and analytics, Ugam has taken proactive measures to ensure the safeguarding and protection of the personal data of its customers, respondents and employees. Ugam is primarily a Data Processor in the context of GDPR.
Following is an overview of various steps we have been taking towards GDPR compliance at Ugam:
Governance Framework
We have established the Data Protection Governance Framework in the organization to cover privacy compliance.
Data Privacy Team
A dedicated team has been established to implement GDPR and Data Privacy controls in the organization. The information security team and this dedicated team have been trained on GDPR compliance requirements.
Policy
The Data Privacy Policy has been approved by the senior management and published on the intranet portal and made available to all the employees of the organization. Similarly, we have also updated our privacy policy on our website in accordance with GDPR.
Training and Awareness
A Data Privacy awareness program has been developed. The key stakeholders i.e. Senior Management, Legal, IT, Business Operations have been trained about privacy and the importance of GDPR. We have rolled out dedicated GDPR training for all our employees across all locations.
Privacy Impact Assessment (PIA)
We have mapped client specific data flow and performed client specific PIA.
Data Breach Incident Management
Information Security Incident Management covers the process for notification of Data Breach incidents to the data collector within 72 hours.
Technical Security Controls
Ugam is certified for ISO 27001:2013 for its delivery centers in India. The primary controls with regard to Data Protection are listed below:
- Segregation of Data - A separate file folder structure is created for each client, which ensures segregation of data. Personal data is maintained in segregated folders with restricted logical access.
Vendor Privacy Compliance
Ugam Vendor Information Security Assessment (U-VISA) Process has been established to cover Privacy compliance as well. Agreements are being updated to cover the Data Privacy aspects as well.
For more information, contact: info@ugamsolutions.com