
General Data Protection Regulation (GDPR)

On May 25th the GDPR will come into effect. The regulation defines the two roles as follows: “A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.”

Criterion, as your data processor, is fully equipped to meet and exceed the requirements of the regulation. Criterion also provides our clients, as data controllers, with all the tools necessary to comply with the regulation.

Inherited Compliance through Criterion (Data Processor)

Data Portability and Data Erasure

As the owners of the data, our clients have full control over Data Portability and Data Erasure. This ensures adherence to the ‘Right to Access’ regulation. If a business deal ends, Criterion automatically deletes the data after 90 days. Clients can also request an earlier Data Erasure.

Privacy by Design

Our system at Criterion is designed to ensure privacy, making privacy an integral part of the system itself. Criterion operates on secure transmission, allowing data transmission only over HTTPS, thereby ensuring encryption in transit, which is beyond the requirements of GDPR.

Breach Notification Standard

We at Criterion have a breach notification policy that requires us to notify our clients of any breach within 48 hours, which is above and beyond the 72-hour time frame required by the GDPR.

Compliance for Data Controllers

Data Minimization

The Criterion system enables System Administrators to assign varied security profiles in order to limit access to any personal data. Our security profiles are completely configurable and can be made granular enough to provide access only to need-to-know information.

Auditable evidence

The Criterion system logs an audit trail for any data access and changes, allowing our clients to closely monitor how data is being accessed in their organization. Even when Criterion Support accesses the system to help with support issues, the data is anonymized so that there is no access to any personally identifiable information.