Our Commitment to the General Data Protection Regulation (GDPR)


The European Union General Data Protection Regulation (GDPR) designed to synchronize data privacy laws & regulations across Europe effectively replaces the Data Protection Directive 95/46/EC. It remodels the way enterprises & companies throughout the geography treat data privacy, while empowering all EU citizens to protect the privacy of their data.

Effective from 25th May 2018, the EU has put in place the GDPR for all EU residents to protect their fundamental right to privacy. In spite of its stringent nature, the law in itself is an essential aspect that the EU has enforced to regulate how the personal data of citizens & visitors is collected, processed & stored in a legally acceptable manner. The law applies to all enterprises in the EU or interacting with the EU or providing products & services to EU residents who collect & process personal data. In effect, this law gives the control back to EU citizens on how their personal data can be utilized.

At Multidots we believe in engaging customers based on a relationship built on honesty, trust, transparency and dependability. Multidots is committed to comply with the applicable GDPR regulations from 25th May 2018. Working in conjunction with our stakeholders, we explore opportunities within our service offerings to make policies and procedures in line with the GDPR compliances ensuring that customers & partners share long standing relations with us with unquestionable reassurances for data security & privacy abiding by the laws in multiple geographies and now the EU.

GDPR Quick Facts

A lot of discussions, a lot of speculations but here is what we learn and have taken actions to abide by this very powerful law.

What Kind of Private Data Does GDPR Protect?

A whole load of data we did not know is private enough will be protected by the GDPR.

Data Protected by GDPR

  • Name, address or ID numbers – effectively basi identity information
  • Genetic data inclusive of health records
  • Ethnic or racial data
  • Web based data such as cookies, IP address, location & RFID tags
  • Opinions of political nature
  • Biometric data

What Enterprises Need to Implement GDPR?

Any organization that stores or processes information personal in nature pertaining to EU citizens within EU states is mandated to comply with GDPR. This does not essentially require the company to have a business presence directly within the EU.

Enterprises Needing to Comply with GDPR

  • Presence in any of the EU countries
  • No presence in the EU, however, organization processes personal data of European residents
  • Employee strength exceeds 250
  • Employee strength is less than 250, however, its data-processing activities have an impact on the freedom and privileges of the members and or includes specific personal data sensitive in nature

Our Approach

As a dynamic & trusted software service provider, our processes are fully derived to be compliant with GDPR and we take ownership to maintain the safety & security of your valuable data. Integrity is our fundamental value and makes up the core of our corporate philosophy keeping us committed to center our engagement around this approach.

Our policies have been updated to assist you in comprehending your privacy rights in a methodical way in alignment with our continual effort to maintain GDPR compliance. We understand the essential aspects of securing personal data by leveraging security, privacy, confidentiality, availability & integrity in a world primarily driven by data. This is the reason our systems, processes, approach & methods are constantly re-invented to enable us serve customers in a trusted way with absolutely no compromises made to the data.

Our Goals

Our primary goals focus on incorporating the below critical components to make our processes more robust to handle customer data & systems.









Our GDPR Framework

We conceptualize a GDPR framework with distinct phases effectively encompassing GDPR readiness for all our customers to help them manage privacy & security allowing them to reduce risks and keep a tab on incidents.

The GDPR Processes at Multidots


  • Identifying personal data or Personally Identifiable Information (PII) of the data subject
  • Conducting GDPR awareness trainings
  • Analyze risk & requirement of new controls by conducting Privacy Impact Assessment (PIA)


  • Address applicable rights of data subjects by adapting to consent management techniques
  • Privacy Impact Assessment (PIA) subject to periodic review
  • Reconfirm the privacy & protection of data by making the relevant changes
  • Updates to privacy policy with the PIA as a baseline


  • Present our GDPR framework and revise our agreements with the client based on GDPR compliance

Agility in Implementation

  • Regular review of Privacy Impact Assessment (PIA)
  • Enhancing security measures with PIA as a baseline
  • Regular trainings
  • GDPR framework subject to periodic review
  • Analyzing measurable objectives in a periodic manner

Where We Stand

The GDPR is a complex legislation, and we are working extensively to be sure that all our services are compliant with this new regulation The privacy and security of our clients, their customers, partners and candidates are of utmost importance to us.

The Mulatidots GDPR Roadmap

  • Thorough research into how the solutions and services we offer may be impacted by GDPR
  • Development of a strategy addressing the areas in our company impacted by GDPR
  • Creation of a precise inventory of all personal information that we control
  • Rewriting and updating our Privacy Policy
  • Implementation of an email Subscription Center
  • Performing all necessary changes to our internal processes & procedures to achieve and maintain compliance with GDPR
  • Updating our websites to be GDPR compliant in terms of the capturing and tracking of personal data
  • Thorough testing the changes to verify & validate compliance with GDPR
  • Finalizing and communicating that we are fully compliant

Where You Stand

By the virtue of being associated with Multidots, we help you with being GDPR aware & compliant.

Get to know GDPR

  • Familiarize yourself with the provisions of the new regulation, particularly how it may differ from your current data protection obligations and consider the relationships you have with your stakeholders

Audit your data & processes for data capture

  • Consider creating an updated and precise inventory of all personal information that you control
  • Review your current controls and processes to ensure that they’re adequate and build a plan to address any gaps.

Stay informed

  • Stay abreast of updated regulatory guidance as it becomes available and consider consulting a legal expert to obtain assistance that is relative to your unique circumstances
  • If you are a company outside of the EU, the regulation still affects you
  • The provisions of the GDPR apply to any organization that processes the personal data of individuals within the European Union, including tracking their online activities, regardless of whether the organization has a physical presence in the EU

The Next Step

Our commitment in the areas of security, data privacy and governance solutions mean that we empower our partners & customers by keeping them on the right track on their roadmap to GDPR compliance.

The EU GDPR is already in effect since 25th May 2018 and to abide by it we have our comprehensive compliance framework for all our services & products. To ensure we extend support to all our customers for GDPR, we review & enhance all our offerings for GDPR and also curate approaches to make all that makes us GDPR ready while keeping all stakeholders actively involved.

Data protection principles are fundamentally a part of our own offerings as well as business processes and become a part of our continual assurance to privacy by design.

If you have any questions, please don’t hesitate to contact us at privacy@multidots.com

Copyright Multidots Solutions Pvt. Ltd. 2018. This document is provided as of August 2018, for informational purposes only. It is subject to change or removal without notice.