How HackerEarth is preparing for GDPR

HackerEarth is committed to honoring its users’ rights to data privacy and protection. We have a privacy-conscious culture, and GDPR is an opportunity for us to strengthen this further. Being GDPR-ready has been of the highest priority this past year, and our product and legal teams have devoted a lot of extra hours to adhere to its requirements, give users more control over their data, and explain what we do with the data. (PS: To further our crusade toward data protection, we are also in the process of the getting the ISO 27001 certification.)

What is GDPR?

General Data Protection Regulation (GDPR), which will go into effect on May 25, 2018, replaces the 1995 Data Protection Directive. Designed to give EU citizens more control over their data, it aims to use one all-encompassing privacy and security law to safeguard personal data. Regardless of their location, relevant controllers or processors dealing with EU residents’ personal data are required to update or craft new policies ahead of the date or be prepared for penalties.

What is personal data?

Article 4 in GDPR definition states that ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Both personally identifiable information (PII) and information which can be cross-referenced with other information to identify a person is included in the definition. Examples of sensitive PII include medical information, biometric information, social security ID, license number, birth date, etc. The personal data collected should be pseudonymized and/or encrypted.

How is HackerEarth getting ready for GDPR?

In our efforts to get the organization ready for sustainable compliance, HackerEarth has taken several steps—from raising awareness in the organization about the principles of GDPR and our data protection policy to training employees to responsibly handle user data and auditing.

Also, to make sure our sub-processors do no breach the regulation, we are assessing our third-party service providers and partners and fine-tuning the contracts.

Product preparation

We have assessed HackerEarth Sprint, our innovation management software, and HackerEarth Recruit, our Technical Recruitment software, against the requirements of the GDPR and have implemented features that will help users achieve compliance.

Our application teams strongly believe in letting the end users exercise their rights with respect to privacy. We are working to give you more control over the data you store in our systems. These provisions may vary based on your requirement, product characteristics, and mutually agreed upon statement of work. Our teams are working on these features and enhancements, which will be rolled out in phases.

How HackerEarth enables customers to be GDPR compliant:

• • We have revised our privacy policy and terms of service.
  • We are encrypting all data in transit and at rest.
  • We are identifying and creating multiple delete profile use cases, including administrators having the control to delete users.

HackerEarth is also taking care of many more such features to ensure the customers are compliant and users have complete control over their data.

Process preparation

Based on our data flows and data handling practices, we have revised our privacy policy and added further information on the personal information we collect, why we collect it, how we will use it, how long we will store it, and so on. Moreover, we are reviewing our databases to make sure we have only the latest and most accurate information.

We have put together a glossary of the terms and information on when HackerEarth acts as a data processor or a data controller. Additionally, we have appointed internal privacy champions for all our teams.

What happens in the event of a data breach?

In case a personal data breach occurs, we will send breach notifications in accordance with our internal incident response policy.

We will notify our customers within 72 hours of us discovering the breach.
We will notify users through our blogs and social media for general incidents.
We will notify the concerned party through email (using the primary email address) for incidents specific to an individual user or an organization.

We have a whole series of blogs planned, with more updates and information to come. Please feel free to ask questions and share your concerns with us at vr-gdpr@hackerearth.com.

***For more information, see our Privacy Policy here.

Anand Hariharan Author 1 Blogs