There are five core principles that IHRDC adheres to when it comes to data privacy and protection - Consent, Security, Data Portability, Accountability & Transparency and Right to be Forgotten.
These core principles are intrinsic to how we operate as a company with each of our customers. Below are the ways in which we are enhancing our policies and procedures to address each principle.
|Principle||IHRDC Compliance Efforts|
|Consent||IHRDC is in the process of reviewing all of the ways in which we process customer and user data. For each process we will provide methods for users to consent in advance of processing as well as withdrawing consent at a later time.|
|Security||IHRDC is working to enhance our systems to have security built into every layer of our product platforms. The infrastructure layers will include replication, backup, and disaster recovery planning. Network services already have encryption in transit and advanced threat detection. Our application services have impemented identity, authentication, and user permissions.|
|Data Portability||IHRDC is working to provide easily accessible method to honor requests to export user data. In the short-term, data may be provided through requests to our Support team. It is the long-term objective to provide automated ways for users to download their data in industry standard formats such as reports, CSV, XML, JSON, and others.|
|Accountability & Transparency||IHRDC will offer customers a robust data processing addendum containing strong privacy commitments that are aligned with the spirit of "lawfulness, fairness, and transparency" as expressed in Article 5(a). This addendum also contains specific provisions to assist customers in their compliance with the GDPR.|
|Right to be Forgotten||User data may need to be deleted in order to comply with data protection and privacy regulations. IHRDC is working on enhancing our products and processes to help you meet our obligations under the GDPR.|