Inherited Compliance through Criterion (Data Processor)
Data Portability and Data Erasure
As the owners of their data, our clients have full control over Data Portability and Data Erasure. This ensures adherence to the ‘Right to Access’ regulation. Criterion automatically deletes data after 90 days in the unfortunate case that a business deal ends. Clients may also request an earlier Data Erasure.
Privacy by Design
Our system at Criterion is designed to ensure privacy, making privacy an integral part of the system itself. Criterion operates on secure transmission, allowing data transmission only over HTTPS, thereby ensuring encryption in transit, which is beyond the requirements of GDPR.
Breach Notification Standard
At Criterion, we have a breach notification policy that requires us to notify our clients of any breach within 48 hours, which goes above and beyond the 72-hour time frame required by the GDPR.
Compliance for Data Controllers
The Criterion system enables System Administrators to assign varied security profiles in order to limit access to personal data. Our security profiles are completely configurable and can be made granular enough to provide access only to need-to-know information.
The Criterion system logs an audit trail for any data access and changes, allowing our clients to closely monitor how data is being accessed in their organization. Even when Criterion Support accesses the system to help with support issues, the data is anonymized so that there is no access to any personally identifiable information.