On May 25, 2018, the European Union (the EU) implemented a new data privacy and protection regulation called the General Data Protection Regulation (GDPR). This new regulation aims to standardize data protection laws across the EU. It lays down standards to be observed worldwide when processing personal data originating in the EU. The GDPR strongly emphasizes affording individuals a robust, more consistent right to access and control their personal information.
At Cloudlytics, we take compliance, data privacy, and security regulations very seriously. For the GDPR, we are working diligently to ensure compliance with its rules, molding our services and product functionality to maintain unwavering compliance. In the following sections, we have outlined our approach to GDPR compliance.
Cloudlytics is the cloud security posture management (CSPM) platform that integrates the AWS Well-Architected Framework best practices. Cloudlytics has a global presence, with offices in Pune, Mumbai, Singapore, Malaysia, Europe, USA, Australia, and Canada.
At Cloudlytics, we process a certain amount of our existing and prospective clients’ data in the capacity of a Data Controller. While providing our services, we play the role of a Data Processor for our clients who provide us with personal information for our offerings.
We have performed a company-wide information discovery exercise to identify and assess the type of personal information we hold, its source, processing method, and access.
As a Data Controller, Cloudlytics has updated its Privacy Policies, Cookies Policy, and Disclaimer for using cookies, per the requirements of GDPR, on its website www.cloudlytics.com.
As a Data Processor, we execute contracts stated under the GDPR with our clients (who are the Data Controllers) and process their personal information as per their directions and wherever the GDPR is applicable. Additionally, we implement technical and organizational security measures to ensure compliance.
Cloudlytics has an Article 28 GDPR-compliant data processing addendum in place, including the EU Model Clauses, to ensure an appropriate legal basis for data transfers outside the EU.
We have formulated a data retention policy and schedule to ensure our compliance with ‘data minimization’ and ‘storage limitation’ principles and that personal information is stored, archived, and destroyed per the GDPR.
According to Article 30 of the GDPR, every processor and controller representative must maintain a record of all activities in processing personal information in such an organization. Cloudlytics maintains a controller processing record as required under Article 30(1) and Article 30(2) of the GDPR.
The GDPR has stipulated measures and notifications for a data security breach. Cloudlytics has put in place internal measures to minimize the risk of any data security breach happening. However, in the unlikely event of such a breach, Cloudlytics intends to honor its responsibilities as laid down under the GDPR, which includes notifying its customers and the supervisory authorities (if Cloudlytics is the Data Controller) on time.
We have a team of leaders for our GDPR compliance initiative who ensure the proper flow of the processes to all members within the organization. They handle the data governed by the GDPR. Should you require any clarification on any aspect of our compliance efforts, contact us at email@example.com.
At Cloudlytics, maintaining the security, integrity, safety, and confidentiality of personal data in our business is one of the highest priorities. Cloudlytics has already taken adequate measures to ensure that we fulfill our promise of being fully compliant with GDPR! If you have any queries, feel free to reach us at firstname.lastname@example.org.