On May 25, 2018, the European Union (the EU) implemented a new data privacy & protection regulation called the General Data Protection Regulation (GDPR). This new regulation aims to standardize data protection laws across the EU. It lays down standards for worldwide observation while processing personal data originating in the EU; The GDPR strongly emphasizes affording individuals a robust, more consistent right to access and control their personal information.

At Cloudlytics, we take compliance, data privacy, and security regulations very seriously. For the GDPR, we are diligently working to ensure compliance with the law-abiding rules to provide product functionality by molding our services to maintain unwavering compliance. In the following sections, we have outlined our approach to GDPR compliance.

Cloudlytics GDPR Compliance

Cloudlytics is the cloud security posture management (CSPM) platform that integrates the AWS Well-Architected Framework best practices. Cloudlytics has a global presence having its offices in Pune, Mumbai, Singapore, Malaysia, Europe, USA, Australia, and Canada.

At Cloudlytics, we process a certain amount of our existing and prospective clients’ data in the capacity of a Data Controller. While providing our services, we play the role of a Data Processor for our clients who provide us with personal information for our offerings.

Risk Assessment

We have performed a company-wide information discovery exercise to identify and assess the type of personal information we hold, its source, processing method, and access.

Data Subject Consent

As a Data Controller, Cloudlytics has updated its Privacy Policies, Cookies Policy, and Disclaimer for using cookies, per the requirements of GDPR, on its website

As a Data Processor, we execute contracts stated under the GDPR with our clients (who are the Data Controllers) and process their personal information as per their directions and wherever the GDPR is applicable. Additionally, we implement technical and organizational security measures to ensure compliance.

Transfer of Data Outside EU

Cloudlytics has an article 28 GDPR-compliant data processing addendum in place, including the EU Model Clauses, to ensure an appropriate legal basis for data transfers outside the EU.

Data Retention & Erasure

We have formulated a data retention policy and schedule to ensure our compliance with ‘data minimization’ and ‘storage limitation’ principles and that personal information is stored, archived, and destroyed per the GDPR.

Record Keeping as per the GDPR

According to Article 30 of the GDPR, every processor and controller representative must maintain a record of all activities in processing personal information in such an organization. Cloudlytics maintains a controller processing record as required under Article 30(1) and Article 30(2) of the GDPR.

Data Breach and Mitigation Process

The GDPR has stipulated measures and notifications for a data security breach. Cloudlytics has put in place internal measures to minimize the risk of any data security breach happening. However, in the unlikely event of such a breach, Cloudlytics intends to honor its responsibilities as laid down under the GDPR, which includes notifying its customers and the supervisory authorities (if Cloudlytics is the Data Controller) on time.

Compliance Team

We have a team of leaders for our GDPR compliance initiative who ensure the proper flow of the processes to all members within the organization. They handle the data governed by the GDPR; should you require any clarification on any aspect of our compliance efforts, contact us at

Cloudlytics Promise on GDPR

At Cloudlytics, maintaining the security, integrity, safety, and confidentiality of personal data in our business is one of the highest priorities. Cloudlytics has already taken adequate measures to ensure that we fulfill our promise of being fully compliant with GDPR! If you have any queries, feel free to reach us at  

Download the Cloudlytics 2021-22 form MGT 7 here >

We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!