Organizational Readiness

Organizational Readiness and GDPR Planning

Last Updated April 2018


 

We take data protection seriously and are continually revising our data security practices. As part of this effort, we have engaged an EU law firm that specializes in data privacy and data protection to review our practices and provide recommendations, and we conducted an information security assessment with an independent European expert.

Highlights:

  • Our employees receive periodic training and awareness programs on data protection and information security.
  • We created a Personal Data Privacy Policy to provide a baseline for compliance with data privacy goals and principles as they apply to our business operations.
  • Our Data Incident Response Policy has been updated in light of GDPR [specifically to align the definition of “personal data” of Art. 4(1)].
  • We have amended our vendor agreement templates to strengthen and highlight the data protection obligations of the GDPR [Art. 28(1)-(3)].
  • Third-party vendors with access to personal data are generally reviewed before they are onboarded to confirm that they have adequate controls in place based on the sensitivity of the data they process.
  • The GDPR restricts the export of personal data to countries outside the EU and the European Economic Area (EEA) unless certain controls are in place. We secure transfers to our non EU/EEA affiliates through contractual data transfer instruments aligned on model clauses validated by the European Commission.
  • We have achieved the ISO 27001 and 22301 certifications, SOC/SSAE and PCI certifications for select locations or businesses.
  • Our updated Data Processing Annex shares our privacy commitments and sets out the terms for Altisource S.à r.l. and its customers to meet GDPR requirements. This document is available for customers to sign upon request.

We have a dedicated team ready to help you with any doubts around GDPR or data protection. For any inquiries, contact us.