The new data law GDPR is quite complex and there are still some parts that may seem unclear. At Indpro, we have the skills required to guide our customers in the best way to comply with GDPR in our collaboration.
Our processes ensure adequate security for data that is of a personal nature and potentially sensitive. We have processes in place for how we receive personal data, how we manage and store the personal data - and perhaps most importantly, how we delete the data and under what circumstances we will do so.
The agreements (among others. assistance agreements) that we have drawn up with our customers are professionally drawn up and we comply with the Data Protection Authority and the Data Protection Regulation's rules for how we process personal data, we have also drawn up agreements that comply with the Data Protection Regulation's requirements. Before we start a collaboration, we do a proper review of the data that we can potentially work with, which is of a personal and sensitive nature, and which is not. If we are to work with sensitive data, we provide recommendations on how we should proceed to minimize the security risk. We then set up an approach together with the customer, which gives the customer full visibility into how we take care of the data.
When data is transferred to countries outside the EU, there are special and stricter rules in the legislation. We try as much as possible to set up a work process that means we work in the customers' environments with secure access points. In 9 cases out of 10, we therefore have no reason to process any personal data with us, neither in Sweden nor at our delivery center in India. But in cases where the processing of data outside the EU is relevant, we have both processes and agreements that guarantee compliance with the new data law.
In the effort to comply with the GDPR, we have further increased security at our large delivery center in Bangalore, India. Since before, biometric identification is required to gain access to the office. We have also developed new policies for the use of our own devices. We still allow BYOD (bring your own device), but we have updated our policies and put in place a more stringent process to control when data is taken outside the office boundaries. We also save log lists and have routines for what to do if a data leak were to occur after all, and we have, for example, also looked at factors such as how the organization keeps the IT equipment secure.
GDPR compliance requires that the entire organization is educated on what GDPR and the GDPR's rules or statutory requirements mean, and understands the importance of compliance. We carry out continuous training with our staff, in Sweden as well as in India.
We regularly carry out audits of our policies, processes and systems, quarterly as well as half-yearly and year-round. In our audits, we go through the processes and review what improvements we can make. The work with GDPR is not a one-time effort but an ongoing work. Indpro continues to follow how the legislation develops, to ensure that we and our customer projects live up to the current rules and requirements.
Borgarfjordsgatan 12, Kista NOD 164 55 Kista, Sweden
+46 73 923 21 38
We are constantly looking for talented and committed team players who want to work with the latest technology. So get in touch!