On 25 May 2018, the most significant piece of European Union’s data protection legislation General Data Protection Regulation (GDPR) came into force. GDPR is designed to protect the personal data of individuals and facilitate the exchange of information for businesses that operate in the European Union.
A global leader in data and analytics, Ugam has taken proactive measures to ensure the safeguarding and protection of the personal data of its customers, respondents and employees. Ugam is primarily a Data Processor in the context of GDPR.
Following is an overview of various steps we have been taking towards GDPR compliance at Ugam:
We have established the Data Protection Governance Framework in the organization to cover privacy compliance.
Data Privacy Team
Dedicated team established to implement GDPR and Data Privacy controls in the organization. The information security team and this dedicated team have been trained on GDPR compliance requirements.
Training and Awareness
A Data Privacy awareness program has been developed. The key stakeholders i.e. Senior Management, Legal, IT, Business Operations have been trained about privacy and the importance of GDPR. We have rolled out dedicated GDPR training for all our employees across all locations.
Privacy Impact Assessment (PIA)
We have mapped client specific data flow and performed client specific PIA.
Data Breach Incident Management
Information Security Incident Management covers the process for notification of Data Breach incidents to the data collector within 72 hours.
Technical Security Controls
Ugam is certified for ISO 27001:2013 for its delivery centers in India. However, below are the primary controls with regards to Data Protection
Vendor Privacy Compliance
- Segregation of Data - Separate file folder structure being created for each client, which ensures segregation of data. Personal data is maintained in segregated logical access restricted folders.
Ugam Vendor Information Security Assessment (U-VISA) Process has been established to cover Privacy compliance as well. Agreements are being updated to cover the Data Privacy aspects as well.
For more information, contact: email@example.com