Each year on the 28th of January, Data Privacy Day is marked. The day itself is an international effort to create awareness about the importance of safeguarding data and respecting privacy. To highlight the day we wanted to share some of the controls Arema Connect have in place to safeguard data. Since 2019, Arema Connect has been certified with the ISO 27001:2013 for Information Security which has greatly boosted our data privacy measures. Our Information Security Management System (ISMS) compels us to manage all aspects of our operations with information security and data privacy at the forefront.
The nature of our business means that we are responsible for processing data on behalf of our clients, the data controller, to support their customers across multiple touchpoints. We have put several measures in place to safeguard and protect all data we process. Some of these measures include –
Data Protection training: On commencement of employment with Arema Connect, all team members are required to complete intensive data protection and General Data Protection Regulation (GDPR) training. Thus ensuring that all employees are familiar with the various practices across the organisation to safeguard both internal data and client data. On a monthly basis, refresher training is carried out across each team and department ensuring that all employees are handling all data securely in accordance with the various data protection measures we have in place. Measures include password policies, physical security measures and access control protocols.
Policies: Our management team has developed a suite of policies touching on several key areas of Information Security and Data Privacy. All key stakeholders are made aware of these policies to guarantee that all operations are carried out in line with the procedures and guidelines outlined therein. These policies include:
- Information Security;
- Information Communication Technology (ICT);
- Data Privacy and Retention;
- Data and Information Classification.
Payment Card Industry (PCI) Compliance: Our Contact Centre infrastructure is fully PCI compliant, making certain that all payments are processed in a secure manner with complete data privacy. Customers are required to enter their own payment details, which further guarantees that no payment details are available in any call recordings maintained for training and quality assurance purposes.
Data Champion: In 2018, we elected Nuala Keogh, our HR and Financial Director, to the role of Data Champion to support the introduction of the General Data Protection Regulation (GDPR). Nuala keeps up to date with the latest data privacy regulations and changes and in turn, ensures that these are implemented across the organisation. With the support of her fellow management team, she comes up with new ways to build on our data and information security measures.
Risk Management: We maintain a risk register to document risks across all areas of the organisation. Each risk that is highlighted has a corresponding control to minimise any threats. Our risk register plays a fundamental role in managing Information Security and Data Privacy in our operations. Our Data Champion, supported by the Management team, is responsible for the ongoing maintenance and review of our risk register. When onboarding any new client, we work closely with their in-house team to record any potential risks and put measures in place to manage them.
Internal Auditing: In order to ensure the effectiveness of the various Information Security and Data Privacy controls in place, we carry out regular audits. Through the development of a rigorous internal audit programme, each policy and control is evaluated to verify compliance and efficiency. These audits highlight areas that require corrective actions and in turn, support us seek out continuous improvement to strengthen our data privacy measures.
Data privacy is vital to ensure that all information stored on individuals is protected to the highest degree. As an organisation, we are committed to continuously improving our safeguarding measures and controls.