1. Huro Data Commitment to GDPR
We are committed to providing our integration solutions to our clients in compliance with applicable laws and regulations in general and data privacy laws such as the EU General Data Protection Regulation (GDPR) in particular. We seek to partner with our clients and their users to help them understand how we achieve data privacy compliance as processor and how the platform enables our clients to achieve data privacy compliance as controller.
2. GDPR and what it means for you
3. Our top 5 priorities for GDPR compliance
As a cloud-based integration solutions provider, HDT is processing data on behalf of its clients using the iPaaS platform; therefore HDT is seen as a data processor under the G DPR. In light of existing data privacy laws and data security measures generally expected from a global cloud service provider such as HDT, we have already implemented an information security program consisting of policies and procedures to help ensure that HDT is acting in accordance with current and new compliance requirements when providing our services.
3.2. #2 Appoint a Data Protection Officer
The GDPR will require some organisations to designate a Data Protection Officer (DPO). Organisations requiring DPOs include public authorities, organisations whose activities involve the regular and systematic monitoring of data subjects on a large scale, or organisations who process what is known as sensitive personal data on a large scale. At HDT we have appointed a Director to this role.
3.3. #3 Demonstrate Accountability In All Processing Activities
Our HDT compliance program is based on globally accepted standards. HDT has implemented an information security program consisting of policies and procedures that define how system information is entered, managed, and protected. HDT’s current information security program is specified in our Data Processing Agreement (DPA). In particular, HDT commits to monitor, analyse and respond to security incidents in a timely manner in accordance with HDT’s standard operating procedure, which sets forth the steps that HDT employees must take in response to a threat or security incident. HDT continues to invest in growing a global security capability.
3.4. #4 Check Cross-Border Data Flows
Both the Data Protection Directive and the GDPR permit personal data transfers outside of the EU subject to compliance with defined conditions, including conditions for onward transfer. When a client contracts with HDT, we can enter into a Data Processing Agreement (DPA) with applicable clients. In the DPA, we agree with our client on the terms for the compliant processing of Client personal data, including the description of our security and data privacy policy and the EU standard contractual clauses.
3.5. #5 Prepare For Data Subjects Exercising Their Rights
Within the platform, our clients use the personal data of their users to interact with each other in order to better manage their data analytics. These acting individuals are the data subjects and our clients – acting as data controllers – need to be able to answer certain legitimate requests under the GDPR. As such, our clients will look to HDT as service provider and data processor to offer functionalities within the platform that enable our clients to achieve compliance. Our internal product design processes are focused on the user and their positive and productive experience on the platform. In light of GDPR, HDT periodically reviews the platform features in order to validate that the HDT platform provides the required functionalities to our clients.
Staying current Ensuring the privacy and security of our client’s data is an ongoing commitment for HDT. We will continue to update this document to reflect any GDPR-related developments.
To book a demonstration please fill out the form below and we will be in touch.