How does uKnowva ensure GDPR Compliance

What is GDPR?

GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens. The regulation also governs the transfer of personal data outside the EU. The European Parliament adopted the GDPR in April 2016, replacing a rather outdated data protection directive from 1995. You can read more about it at https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

What Data do we collect?

uKnowva is a web-based HRMS software that automates Employee Lifecycle Management. We collect and process data at various stages/events, such as onboarding a user/candidate, deboarding a user, processing salaries, etc. For all of the data collected, the customer is the controller and we are only a processor of the data.

How are we ensuring GDPR compliance?

We are committed to adhering to GDPR and we follow protocols at various stages of our engagement with the customer and users to ensure this. The following are some of the protocols/processes we follow to adhere to all the underlying principles of GDPR and ensure 100% GDPR compliance.

- Lawfulness, fairness, and transparency:

  - As per our NDA/Terms of use, the data uploaded by you on our system is completely secured and protected. We do not use or access any of the data we are processing, and all the transactions executed to access/process the data are completely lawful and in compliance with GDPR norms.

  - We only handle people's data in ways they would reasonably expect, or we can explain why any unexpected processing is justified.

  - We have considered how the processing may affect the individuals concerned and can justify any adverse impact.

  - We do not deceive or mislead people when we collect their personal data.

  - We are open and honest, and comply with the transparency obligations of the right to be informed. If you have any concerns about your data and want to know how it is used or processed, you can always write to helpdesk[at]uknowva[dot]com

- Purpose limitation

  - The sole purpose of the data being collected and stored in our system is to automate processes for the customer. We do not intend to use the data stored on our system for any other purpose, such as profiling, running ads, running surveys, etc.

  - As per our NDA/Terms of use, we have clearly defined that the final owner of all the data we collect and store is the customer.

  - We regularly review our processing and, where necessary, update our documentation and our privacy information for individuals.

- Data minimisation

  - What data our software collects is completely governed by the customer and their needs. Customers can manage data collection fields from the administrator panel. We ourselves do not collect any additional data without the consent of the customer or their system administrators.

  - We periodically review the data we hold, and delete anything we don't need.

- Accuracy

  - The data uploaded in our software is done either by the customer or by our support team on behalf of the customer. The accuracy of the data is completely governed and controlled by the customer.

  - We do not manipulate, change or misrepresent any data by ourselves.

  - Updating/deleting of the data collected on the software is done by customers themselves or by the support team on the customer's behalf. We maintain logs of all such changes so that at any point in time we can determine how, when and by whom the data in the system was changed.

- Storage limitation

  - Customer data or user data is stored on our servers as long as the customer is active and under a valid subscription.

  - Customers have the right to terminate the subscription or request deletion of their data from our servers.

  - In case of any termination of the contract, we eventually delete the data completely from our servers. You can read more about our Data Purging Policy at this link: https://docs.uknowva.com/all-posts/2-general-content/191-what-happens-to-customer-s-data-after-termination

  - If you are a user who has been using our HRMS software under a customer's instance and want your data to be erased, you can write to the system administrator of your instance and request a deletion.

- Integrity and confidentiality (security)

  - We practice stringent security measures at all levels, i.e. Application, Network, Operating system and Physical level. You can read more about our security practices at https://uknowva.com/security

  - Our software is fully VAPT tested by internal as well as external parties, ensuring the application is free from the OWASP Top 10 vulnerabilities.

  - We regularly do VAPT on the software to ensure all the latest upgrades also follow security best practices.

  - In addition, regular security scans are done on our OS/network to proactively find vulnerabilities, if any.

  - We use encryption and/or pseudonymisation where it is appropriate to do so.

  - We make sure that we can restore access to personal data in the event of any incidents, such as by establishing an appropriate backup process. You can read more about the backup policy here: https://docs.uknowva.com/security-compliance/290-bakup-policy-on-uknowva-cloud

  - Where appropriate, we implement measures that adhere to an approved code of conduct or certification mechanism.

- Accountability and governance

  - We take responsibility for complying with the UK GDPR, at the highest management level and throughout our organisation.

  - We have taken appropriate measures to ensure better accountability and governance across our organization by doing the following:

    - adopting and implementing data protection policies (where proportionate);

    - putting written contracts in place with organisations that process personal data on our behalf;

    - maintaining documentation of our processing activities;

    - recording and, where necessary, reporting personal data breaches.

  - We review and update our accountability measures at appropriate intervals.