Concordant IT Networks GDPR Compliance
On May 25, 2018, the European Union (the “EU”) implemented a new data privacy and protection regulation, called the General Data Protection Regulation (the “GDPR”). This new regulation aims to standardize data protection laws across the EU and also lay down standards to be observed worldwide while processing of personal data originating in the EU; The GDPR also has a strong emphasis on affording individuals stronger, more consistent rights to access and control their personal information.
At Concordant IT Networks Private Limited, we take compliance of data privacy and security regulations very seriously. For GDPR, we are working diligently to ensure that we are compliant with the rules laid out by the law and provide product functionality that enables us to remain compliant. In the following sections, we have outlined our approach to comply with the GDPR.
Concordant IT networks GDPR Compliance
Concordant IT Networks is a prominent provider of Infrastructure services. The Concordant IT Networks, our philosophy is to create value for its clients through a culture of continuous learning.
Because our website is used and explored by our clients (existing and prospective), we at Concordant IT Networks, process a certain amount of personal data of our prospective clients in the capacity of a Data Controller (for any personal information submitted on the website). We also process personal data as a Data Processor for our clients, for whom we process personal data as part of our services offerings.
We have performed a company-wide information discovery exercise to identify and assess what personal information we hold, where it comes from, how and why it is processed, and to whom it is disclosed.
Data Subject Consent
As a Data Controller, Concordant IT networks has updated its Privacy Policies, as per the requirements of GDPR on its website www.concordantonetech.com and it requires all the visitors, users of its website to provide an unequivocal consent. Concordant IT networks, also provides various rights to such users in relation modification, rectification, deletion of their data provided to Concordant It Networks.
As a Data Processor, we execute contracts required under the GDPR with our clients (who are the Data Controllers) and process personal information as per their directions. Additionally, we implement technical and organizational security measures to ensure compliances.
Data Retention & Erasure
We have formulated a data retention policy and schedule to ensure that we comply with the ‘data minimization’ and ‘storage limitation’ principles and that personal information is stored, archived, and destroyed in accordance with the GDPR.
Record-Keeping as per the GDPR
According to Article 30 of the GDPR, each processor and controller’s representative needs to maintain a record of all activities pertaining to the processing of personal information in such an organization. Concordant IT Network, maintains a controller processing record as required under Article 30(1) of the GDPR as well as processor processing record as required under Article 30(2) of the GDPR.
Data Breach and Mitigation Process
The GDPR has stipulated measures and notifications that must be made upon discovery of a data security breach. Concordant IT Network, has put in place internal measures to minimize the risk of any data security breach happening. However, in the unlikely event of any such breach happening, Concordant It Network, intends to honor its responsibilities as laid down under the GDPR, which includes notifying in a timely manner, its customers, and the supervisory authorities (if Concordant IT Network, is the Data Controller).
Concordant IT Network Promise on GDPR
At Concordant IT Network, maintaining the security, integrity, safety, and confidentiality of personal data in our possession is of the highest priority. Concordant IT Network, has already taken adequate measures to ensure that we fulfill our promise of being fully compliant with GDPR! In case you have any queries, please feel free to reach us at firstname.lastname@example.org