The General Data Protection Regulation (GDPR)
is a comprehensive set of laws that came into effect in May 2018 with the purpose of protecting the personal data of individuals within the European Union (EU).
As a due diligence company, Cadence is committed to ensuring that our operations align with these guidelines and that we are transparent about how we handle personal data. These guidelines can be found on the GDPR checklist website. We have taken actions to further implement GDPR guidelines within our organization.
What are the actions?
1
LAWFUL BASIS AND TRANSPARENCY
To ensure an adequate level of data privacy and protection, we have conducted an audit to identify the data being processed at Cadence, who has access to it, and our current connections with clients and vendors. We have updated our privacy policy to clearly outline the data processing process, which is based on obtaining consent from our customers. This ensures that our customers are aware of how their personal data is being used and that we are acting in accordance with the law.
02
DATA SECURITY
We have verified that all of our platforms are able to provide both encryption-at-rest and encryption-in-transit. We have followed the principles of "data protection by design and by default," including implementing appropriate technical and organizational measures to protect data. For example, the use of third-party services requires the use of multi-factor authentication (MFA).
We have created an internal security policy for our team members and have implemented mandatory training programs to increase awareness about data protection.
03
ACCOUNTABILITY AND GOVERNANCE
Our company has a dedicated person in place to monitor and address data protection issues on a regular basis, ensuring that we consistently uphold the highest standards of data protection.
As a result of the data usage audit, we have signed data processing agreements with these third parties to ensure that personal data is handled responsibly and in accordance with GDPR regulations.
04
PRIVACY RIGHTS
As a company, we are committed to upholding the rights of individuals as outlined in the GDPR. One such right is the right to access personal data that we hold about them, as well as the right to understand how this data is being used. We adhere to the guidelines for easy access to data. When decisions are made based on automated processes, such as personal identification, we ensure that individuals are made aware of their rights and are able to reach out to our company if they wish to alter their data usage decisions.
In conclusion, Cadence is committed to ensuring compliance with the GDPR and protecting the personal data of individuals. By implementing the necessary measures outlined in this article, we are able to transparently and responsibly handle personal data, maintain data security, and uphold the rights of individuals.
We will continue to monitor and update our practices to ensure that we are consistently aligning with the GDPR and upholding the highest standards of data protection.