GDPR compliant: our security and data governance practices

The EU’s General Data Protection Regulation is designed to ensure organizations are transparent about how they handle individuals’ personal data. To ensure duly preparations for the GDPR, WaveAccess employed Deloitte to conduct an Initial Compliance Review back in November 2017 and was highly esteemed: “WaveAccess made significant efforts to comply with forthcoming EU GDPR regulation, and we do not see any obstacles for WaveAccess to be fully compliant”. WaveAccess had reviewed its data security framework by the time the new law came into effect on May 25th, 2018 and is committed to the principles outlined in the GDPR for all EU residents who share their data with us.

With respect to personal data collection on the company’s website, WaveAccess is considered to be data controller. In compliance with the GDPR, WaveAccess has updated its Privacy Policy. It now explains in detail how and why the company uses and processes personal data collected through contact forms (such as name, email address, phone number), as well as non-identifiable personal information (such as browser type and actions visitors take on the website) collected through cookies and web beacons. The Privacy Policy also ensures that all rights of individuals with regards to their personal data are respected.

In addition, with respect to WaveAccess services to its customers, WaveAccess has reviewed its security and data governance practices and documentation. Now, where the new rules apply, apart from software development and non-disclosure agreements, WaveAccess makes contractual commitments in Data Processing Addendums as well. It regulates responsibilities of WaveAccess as a GDPR-compliant data processor, thus ensuring that our customers fulfill their GDPR obligation of working with compliant partners.

“Data security has always been our №1 priority, so we are pleased to state that we are GDPR compliant. We welcome the key principles behind the new regulation — companies should be transparent about how they collect, process and protect individuals’ personal data they are entrusted with. We see GDPR compliance as ongoing effort across all of our processes. We’ve conducted staff trainings and elaborated a special roadmap for our project managers, so that every team member is fully aware of new requirements. Besides, we’re integrating the “privacy by design and by default” principle into our software development approaches allowing our clients to have GDPR-compliant products and services”, says Andrey Nizovsky, founder and COO at WaveAccess.

Earlier this year, WaveAccess was audited for compliance of its information security management system (ISMS) based on the requirements of the international ISO/IEC 27001:2013 standard. According to the audit, the company’s ISMS meets the standard’s key principles: it preserves confidentiality, integrity and availability of the company’s information assets, and data of its customers and partners.

If you have questions or comments regarding our Privacy Policy and our privacy practices, or you have any requests to exercise your legal rights,
 please contact us at privacy@wave-access.com