On May 25th, the GDPR will come into effect. As per the GDPR: “A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.”
Sage HCM (formerly Criterion HCM), as your data processor, is fully equipped to meet and exceed the requirements of the regulation. Sage HCM (formerly Criterion HCM) also provides our clients, as the data controller, with all the tools necessary to comply with the regulation.
Inherited Compliance through Sage HCM (formerly Criterion HCM) (Data Processor)
Data Portability and Data Erasure
As the owner of the data, our clients have full control over Data Portability and Data Erasure. This ensures adherence to the ‘Right to Access’ regulation. Sage HCM (formerly Criterion HCM) automatically deletes data after 90 days in the unfortunate case that a business deal ends. Clients can also request an earlier Data Erasure.
Privacy by Design
Our system at Sage HCM (formerly Criterion HCM) is designed to ensure privacy, making privacy an integral part of the system itself. Criterion operates on secure transmission, allowing data transmission only over HTTPS, thereby ensuring encryption in transit, which is beyond the requirements of GDPR.
Breach Notification Standard
We, at Sage HCM (formerly Criterion HCM), have a breach notification policy that requires us to notify our clients of any breach within 48 hours, which goes above and beyond the 72-hour time frame required by the GDPR.
Compliance for Data Controllers
Data Minimization
The Sage HCM (formerly Criterion HCM) system enables System Administrators to assign varied security profiles in order to limit access to any personal data. Our security profiles are completely configurable and can be made granular enough to provide access only to need-to-know information.
Auditable evidence
The Sage HCM (formerly Criterion HCM) system logs an audit trail for any data access and changes, allowing our clients to closely monitor how data is being accessed in their organization. Even when Sage HCM (formerly Criterion HCM) Support accesses the system to help with support issues, the data is anonymized so that there is no access to any personally identifiable information.
