Simplifai complies with the General Data Protection Regulation – key aspects of compliance
As the world of technology expands, the awareness about data privacy and security is growing in the general population. Requirements from authorities, large corporates, and public sector buyers are getting stricter to stay aligned with changing public expectations.
As a SaaS company that provides Artificial Intelligence solutions, Simplifai believes in embracing this trend and sets the bar high in terms of upholding data privacy actions. Following this, we adhere to the General Data Protection Regulation with regard to our AI-based tech.
Simplifai’s position on the General Data Protection Regulation
At Simplifai, our aim is to be aligned with the customer segments that have the highest and strictest requirements in the markets where we are present, such as banking, insurance, financial services, and the public sector.
We make use of carefully regulated ways through which data can be collected only for the purpose of training our Artificial Intelligence solutions. We do not provide access to this data to any third-party organization. We also provide the option to our clients to delete data when required, or after it has fulfilled its purpose.
We are ISO/IEC 27001:2013 certified, which confirms our claim of being a secure vendor of Artificial Intelligence products and services, and further ensures that we follow the best-in-class data security regulations.
What processes Simplifai has gone through to become best-in-class in data privacy
Simplifai’s product development team has adopted the “privacy by design” approach in our development life cycle. In addition, we have gone through several processes with our legal team and selected customers to identify key requirements from legal, technical, regulatory-authority, and operational viewpoints. We have made necessary adjustments to Simplifai Studio – our SaaS platform that provides Intelligent Process Automation (IPA) to our clients. Similarly, our operational routines related to running and maintaining our SaaS products have been adjusted for data privacy purposes. The following are, in brief, some of the processes we have gone through to maintain the best-in-class standard for data privacy:
- Operational routines are carried out every quarter of the year to maintain SaaS products, ensure strict data usage, and conduct incident management training.
- Interactive training sessions with regard to GDPR, Data Privacy, and Information Security on a regular basis.
- In addition to the functional, technical, and non-functional requirements, we ensure the product development covers confidentiality, integrity, availability, resilience, and traceability on the platform.
- Maintaining separate data centers in our two key regions of Europe and India, to ensure that data transfers are restricted.
- We provide a separate database for each customer and their data stays within the region they select – e.g., the EU data center.
- Limit the storage of data to the absolute minimum timeframe.
- No possibility of personal profiling or linking two database rows together in the solution.
- Minimize exposure of data on an individual level. Data that is needed to be presented for statistical purposes is aggregated, which eliminates the possibility of back-tracing individuals.
- Clients can anonymize sensitive data stored in Simplifai Studio for a specific duration and opt for automatic data deletion based on preconfigured frequencies.
- Appropriate information security requirements for storage and communication of data, like encryption in transit and at rest.
- Although we provide access control at different levels, nobody can access customer and Simplifai’s data without the respective consent.
- Use of mechanisms with our providers, such as customer lockboxes and data masking techniques, to eliminate realistic transfer of sensitive data.
Key data security features of our AI platform
We pride ourselves in maintaining some of the most stringent data security features when it comes to our platform – Simplifai Studio, and the Artificial Intelligence solutions configured through it:
- Our platform is built with a ‘privacy by design’ approach
- We use single sign-on and MFA
- All activities carried out on the platform, and otherwise, are logged, with the audit logs being made available to customers
- Traceability by documenting software and procedures, audit logs and access control logs, deleting/anonymizing logs
- The modular design helps to split our solutions into different Lego clauses; this eventually helps in access control
- Our AI platform is designed to ensure data subjects’ rights by making sure audit trails are made available within the platform
Simplifai is a leader in Artificial Intelligence solutions and being in this industry makes us encounter customer data and other information that is sensitive and needs to be protected. By adhering to the rules and regulations of the GDPR, we ensure that the data we use is secure from all fronts.
We also build internal awareness of the ‘privacy by design’ approach through in-house seminars and interactive sessions with the product development team. We provide instructional material to employees for the same, followed by frequent mandatory training on information security and privacy.
Simplifai is also ISO/IEC 27001:2013 certified. The ISO certification for our management systems is applicable to SaaS-based Product design and Development using Artificial Intelligence (Intelligent Process Automation) – Implementation and Customer Support. Other support functions included are Sales and Marketing, Human Resources, Information Technology & Utility, Admin, and Product Delivery.
Last but not least, we frequently perform Vulnerability Assessment and Penetration Testing (VAPT) and related audit-based activities to detect risks and threats associated with cyber security and misuse of data. We like to think of this data privacy and IT Security compliance as being part of the Simplifai DNA.