GDPR Compliance (EU General Data Protection Regulation)
On 25 May 2018, the GDPR (General Data Protection Regulation) came into force. This new data protection regulation affects all businesses that operate in Europe and handle personal data, in any sector and regardless of their country of origin. Companies will have to be transparent about how they collect, process, and keep this data.
GDPR brings data protection law into line with technological developments which have impacted on the way organisations and consumers interact.
Integra Global Solutions carefully considers the protection of all personal data that flows into and outside our organisation, and we have invested substantially in all areas in preparing for the implementation of the new data protection regime. We respect the need for us to process our customers’ data and keep it secure in accordance with the GDPR rules. We understand our role as both data controller and data processor, depending on the way personal data is made available to us.
Data protection act and GDPR compliance
Many of the GDPR’s main concepts and principles are much the same as those in the UK data protection act, to which Integra strictly adheres and with which it has been in compliance for more than 10 years. Our approach to data protection and compliance will remain valid under the new GDPR regulations.
The GDPR builds on the existing data protection regime by introducing new aspects such as the accountability principle, increased rights for data subjects, direct obligations on data processors and new rules around data breach notifications.
Although the key principles of data protection still hold true to the previous directive, some changes have been made to the regulatory policies. The key points and differentiating factors of the GDPR directive are:
- Secure storage and handling of data
- Right to be informed
- Right to delete information
- Limit the purpose of your information
Secure data storage and handling
We have taken extensive steps to protect and handle your information. The following are the various points that we have undertaken to ensure the security of your data.
Physical and Environmental Controls
- 24/7 security guards at our building
- Fingerprint-scanner access doors to prevent entry of unauthorized personnel
- Computing equipment in access-controlled areas
- Humidity and temperature control with alarm placed in server rooms
- Diesel generator power backup with on-site diesel fuel storage
Operational Security Controls
- High-end firewall gateway which provides security, web control, and application control.
- Symantec Endpoint Protection is used to prevent, detect, and eradicate malware, along with device control.
- Connected to the Internet through multiple Internet Service Providers served from multiple telecommunication provider Points of Presence.
- Information Security staff monitor notifications from various internal systems.
- Active Directory Authentication is used for User access control and network access.
- Restricted Internet access
- Our high security servers are managed from USA data centers
- No removable drives (CD/DVD) on the operations floor
- Activity monitoring software is installed in all our computers
- All our systems are access restricted by multiple levels of password protection
- No printers, USB-based pen devices or DVD/CD drives on the work floor
- Computer networks are safeguarded by many levels of software
- Your information is used only to process the tasks that you have assigned to our staff
- NDA (Non-disclosure agreement) signed by every staff member
- Independent screening and background checks before employment
- Extensive data confidentiality training as per ISO 27001 standards
- Mobile phones are not allowed inside offices and are kept in lockers outside
Right to be informed
- The information that you provide for processing and completing your work tasks will only be used by Integra and its operations branch in India
- This information will be used by our staff who will perform the project tasks assigned and agreed upon by both parties
- Your information will not be shared with any third-party companies
Right to delete information
- You can also choose to delete your process/project data at any time during the period you are using our services.
- This information will only be stored as long as you are a client of ours and will be deleted when you stop using our services.
Limiting the purpose of your information
- Your project/task information will only be used to perform the tasks that you have agreed to send to us and have signed an agreement with us on.
- Our service agreement clearly states in which of our offices your project tasks will be processed and data will be handled. You are given the option to agree to this or not.
- In addition to the standard service agreement, we will also provide you with a detailed data processing agreement compliant with GDPR
- You can withdraw your consent to any part of this agreement whenever you choose to
How Integra achieved GDPR compliance certification
Our GDPR compliance certification project started alongside the ISO 27001 information security international standard certification. We are assessed, audited and certified by an independent external ISO auditing agency.
The certification project started with an audit of the personal data flows into, around and outside our business, followed by a thorough study and a gap analysis of areas where we need to implement changes, and an action plan to lead us to compliance.
Highlights of our data security policy
- ISO 27001 information security international standard certified
- Payment card industry (PCI) data security standard approved
- PCI certified for handling and processing credit card information
- HIPAA compliant for handling confidential health and medical records
- Approved by ministry of communication & information technology (STPI, India)
- STPI approval number: 5798-Nov 2007
- Registered under data protection act with UK information commissioner
- UK data protection registration number: Z3331950 (since 2009)
We realise that data protection compliance is a ‘live’ issue, and so we will continue to audit, test and improve our processes every year. Apart from being a data protection certified organisation, we are also legally bound by confidentiality laws as we are a UK limited company. When you outsource to Integra, you are dealing with a UK limited company and not with an unknown foreign company.
You can be assured that your data and your customers’ data is 100% safe and secure with us.