Privacy and Data Security Are Built into Our Business Processes, Policies and Practices
We value and protect the data with which our clients have entrusted us. Features of our Global Privacy Program include:
- Leadership oversight, involvement and support
- Holistic and resilient Privacy Risk Assessment Framework
- Global subject matter experts, supported by external Data Protection Officers (DPOs)
- Driving privacy culture into our day-to-day operations, including rigorous privacy training programs
- Industry-recognized certifications:
We Are Guided by Our Robust Privacy Governance Structure
Privacy & Security Champions
A core tenet of our program includes a cross-disciplinary network of privacy ambassadors acting as a direct liaison between the privacy office and their respective functions.
Privacy & Security Champions support the Global Privacy Office by conducting privacy assessments, further disseminating privacy best practices and contributing to our extensive compliance efforts.
Global presence
Our privacy governance structure
- A network of 900+ Privacy & Security Champions
- 400+ CIPP/E trained Privacy & Security Champions
- 30+ data privacy training programs accessible to all employees
Our Data Protection Officer
We have partnered with HewardMills, our external global DPO that provides expert data privacy and protection guidance covering the breadth of the data regulatory ecosystem worldwide. HewardMills’ global team is on hand to ensure HCLTech complies with key regulations and offers strategic steer when required.
“It’s been a rewarding journey growing alongside a leading global tech company the size of HCLTech, working closely with HCLTech’s Global Privacy Office and team of experts to ensure their regulatory and data obligations are met throughout the regions they serve their clients. The launch of HCLTech’s Privacy Trust Center is a great initiative that demonstrates best practice and is a robust resource that many people will find invaluable.”
Dyann Heward-Mills
HewardMills, CEO
Guided by the European Union's General Data Protection Regulation (GDPR)
The GDPR is widely considered the strongest privacy and security law in the world and our integrated privacy compliance framework meets the standards set out by the law. Here are the critical components of our operating model:
Privacy Risk Management
All client engagements, corporate processes, initiatives, projects, tools and applications are assessed for privacy risks and are continually monitored by the Global Privacy Office in partnership with our exhaustive network of Privacy Champions. Additionally, all third parties (vendors and suppliers) are subject to due diligence and oversight with full contractual commitment toward privacy obligations.
Incident Response System
Privacy incidents are managed in a top-down approach, under the overall Information Security Incident Management Program, and supported by a highly sophisticated and specialized group of security professionals – the Cyber Security Incident Response team (CSIRT). Through various channels of communication and training, the HCLTech workforce is routinely educated on privacy and security best practices, thus minimizing and preventing unauthorized access to both client and employee personal data. Additionally, our Incident Management tool is readily accessible to all employees to ensure a seamless and efficient approach to reporting and tracking incidents.
International Data Transfers
HCLTech relies on legal frameworks relating to the transfer of personal data across international borders, inter alia the European Commission’s adequacy decisions and standard contractual clauses, the UK’s adequacy decisions and the International Data Transfer Agreement/Addendum as published by the ICO, Swiss adequacy decisions, or Brazil’s rules and regulations on international transfers.
In the absence of such legal frameworks, HCLTech relies on robust contractual clauses drafted in line with industry-recognized standards and privacy & data protection regulations across the globe. These contractual clauses are tailored to the relationship HCLTech holds with our clients or vendors.
The controls listed above enable HCLTech to seamlessly transfer and exchange personal data across international borders whilst ensuring the rights and freedoms of individuals are adequately protected.
Binding Corporate Rules (BCRs) are a set of legally enforceable rules for processing personal data and are recognized as the gold standard for transfers of personal data out of the European Economic Area (EEA). These rules ensure that adequate safeguards are in place to protect the rights of data subjects when personal data of our clients and employees is transferred between members of the corporate HCLTech group to countries outside the EEA. Our Global Privacy Office is currently pursuing the approval to implement BCRs as both a data processor (covering the processing of clients’ data) and data controller (covering the data of our employees and other business associates). Upon approval of the processor BCRs, we will help customers meet the highest standards for data protection compliance expected in the EEA and avoid the costs and difficulty of having to implement and maintain a matrix of contracts for data transfers.
Security Practices
Our cybersecurity practices are in line with the Global NIST cybersecurity framework and recognized industry standards such as ISO 27001. We take pride in pursuing ways to enhance awareness, train and educate our workforce and foster a culture of data protection and privacy across the organization.
HCLTech maintains a robust Information Security Management System (ISMS) that holds both ISO 27001:2013 and ISO 27701 PIMS certifications, demonstrating next-level data protection.
Privacy Culture
HCLTech ensures a strong privacy-conscious culture through:
- Annual and as-needed trainings related to privacy and security
- Regular communications on privacy and its impact at work
- Global awareness campaigns and roadshows
- Continually earning certifications from recognized bodies
Meet Our Ecosystem Partners
Leaders’ Message
Responsible Data Management and Governance
We strive to align our privacy practices with the organization’s environmental, social and governance (ESG) goals to ensure responsible data management.
HCLTech is recognized among industry leaders for our information security practices and data privacy standards which are annually attested and certified by independent bodies.
Our enterprise privacy policies, standards and disclosures ensure regulatory compliance and assure employees and stakeholders that our data handling is proper and ethical, thus further strengthening data governance.
We routinely demonstrate the effectiveness of our privacy program to the HCLTech board of directors who have direct oversight of our governance framework.
Global Privacy Office Whitepaper
Discover the far-reaching scope of our Global Data Privacy program