Privacy and Data Security Are Built into Our Business Processes, Policies and Practices
We value and protect the data with which our clients have entrusted us. Features our Global Privacy Program include:
- Leadership oversight, involvement and support
- Holistic and resilient Privacy Risk Assessment Framework
- Global subject matter experts, supported by external Data Protection Officers (DPOs)
- Driving privacy culture into our day-to-day operations, including rigorous privacy training programs
- Industry-recognized certifications:
We Are Guided by Our Robust Privacy Governance Structure
Our experts
Dedicated experts and privacy officers work closely with a broad range of internal and external stakeholders to implement our privacy framework effectively and efficiently for HCLTech and our customers alike.
Privacy & Security Champions
The Global Privacy Office also leverages the on-going support of our Privacy & Security Champion community.
Global presence
Our privacy officers and subject matter experts that span across the globe are the anchors of our program. They are responsible for overseeing and implementing data protection strategy and ensuring data privacy compliance.
Privacy & Security Champions
A core tenet of our program includes a cross-disciplinary network of privacy ambassadors acting as a direct liaison between the privacy office and their respective functions.
Privacy & Security champions support the Global Privacy Office by conducting privacy assessments, further disseminating privacy best practices and contribute to our extensive compliance efforts.
Global presence
Our privacy
governance structure
A network of
900+
Privacy & Security Champions
400+
CIPP/E trained Privacy & Security Champions
30+
Data privacy training programs accessible to all employees
Our Data Protection Officer
We have partnered with HewardMills, our external global DPO that provides expert data privacy and protection guidance covering the breadth of the data regulatory ecosystem worldwide. HewardMills’ global team is on hand to ensure HCLTech complies with key regulations and offers strategic steer when required.
It’s been a rewarding journey growing alongside a leading global tech company the size of HCLTech, working closely with HCLTech’s Global Privacy Office and team of experts to ensure their regulatory and data obligations are met throughout the regions they serve their clients. The launch of HCLTech’s Privacy Trust Center is a great initiative that demonstrates best practice and is a robust resource that many people will find invaluable.”
Dyann Heward-Mills
HewardMills, CEOThe Pulse of Our Privacy Principles
Our enterprise privacy and data protection framework is supported by ‘privacy by design’ principles and essential controls. The privacy program requires all processing activities, technologies and tools to be lawful and comply with a defined set of privacy principles.
Any personal data that we process in our capacity as a data processor on behalf of our clients is strictly processed under the instruction of our clients and is not processed for any other purpose.
Lawfulness, fairness and transparency
When processing personal data, HCLTech ensures there is a legal basis to do so and it is communicated to the individuals prior to processing of data.
Purpose limitation
Personal data is processed only for the purposes communicated at the time of collection. For any additional purposes, HCLTech informs individuals about the additional purpose prior to undertaking that processing activity.
Data minimization
HCLTech ensures that the processing of personal data is adequate, relevant and necessary to meet the specified purpose at the time of collection.
Accuracy
HCLTech takes reasonable steps to ensure that the personal data it holds is kept accurate and relevant to the purposes for which it was collected.
Storage limitation
HCLTech ensures that personal data no longer needed for the purposes specified at the time of collection is deleted in accordance with law and organization policies. For all such stored data, adequate security and technical controls are implemented.
Integrity and confidentiality
HCLTech is committed to adequately protecting personal data by implementing necessary technical and organizational measures.
Accountability
HCLTech has effectively implemented its Privacy Policy and necessary procedures, tools and resources to ensure we uphold our commitments with respect to personal data protection.
Control of your data
HCLTech provides data subjects with a request workflow platform to exercise their control over their personal data through the Data Subject Request Portal.
Guided by the European Union's General Data Protection Regulation (GDPR)
The GDPR is widely considered the strongest privacy and security law in the world and our integrated privacy compliance framework meets the standards set out by the law. Here are the critical components of our operating model:
Privacy Risk Management
The Privacy Risk Management Framework is a proactive approach in protecting personal data and systematically managing privacy risks in our processes.
Incident Response System
Our mature and sustainable incident response system allows us to maintain confidence with our customers.
International Data Transfers
As a global organization that spans across 60 countries, HCLTech has appropriate legal mechanisms in place for transfer of personal data across regions where necessary.
Security Practices
The cybersecurity practices implemented by HCLTech are in line with the Global NIST cybersecurity framework and industry-recognized standards.
Privacy Culture
HCLTech is committed to creating a cultulre of privacy within the organization. We foster awareness and education through various channels of communications and platforms.
Privacy Risk Management
All client engagements, corporate processes, initiatives, projects, tools and applications are assessed for privacy risks and are continually monitored by the Global Privacy Office in partnership with our exhaustive network of Privacy Champions. Additionally, all third parties (vendors and suppliers) are subject to due diligence and oversight with full contractual commitment toward privacy obligations.
Risk Monitoring
and Improvement
Establishing
Context
Identify privacy
Risks
Risks Analysis and
Evaluation
Risk Treatment
Risk communication
and consultation
Incident Response System
Privacy incidents are managed in a top-down approach, under overall Information Security Incident Management Program and supported by a highly sophisticated and specialized group of security professionals – the Cyber Security Incident Response team (CSIRT). Through various channels of communication and training, the HCLTech workforce are routinely educated on privacy and security best practices, thus minimizing, and preventing unauthorized access of both client and employee personal data. Additionally, our Incident Management tool is readily accessible to all employees to ensure a seamless and efficient approach to reporting and tracking incidents.
International Data Transfers
HCLTech relies on legal frameworks relating to transfer of personal data across international borders inter alia, European Commission’s adequacy decisions and standard contractual clauses, UK’s adequacy decisions and International Data Transfer Agreement/Addendum as published by ICO, Swiss Adequacy decisions, or Brazil’s rules and regulations on international transfers.
In absence of such legal frameworks, HCLTech relies on robust contractual clauses drafted in-line with industry recognized standards and privacy & data protection regulations across the globe. These contractual clauses are tailored to the relationship HCLTech holds with our clients or vendors.
The controls, as listed above, enables HCLTech to seamlessly transfer and exchange personal data across international borders whilst ensuring the rights and freedoms of individuals are adequately protected.
Binding Corporate Rules (BCRs) are a set of legally enforceable rules for processing personal data and recognized as the gold standard for transfers of personal data out of the European Economic Area (EEA). These rules ensure that adequate safeguards are in place to protect the rights of data subjects when personal data of our clients and employees transferred between members of corporate HCLTech group to countries outside the EEA. Our Global Privacy Office is currently pursuing the approval to implement BCRs as both a data processor (covering the processing of clients’ data) and data controller (covering the data of our employees and other business associates). Upon approval of the processor BCRs, we will help customers meet the highest standards for data protection compliance expected in the EEA and avoid costs and the difficulty of having to implement and maintain a matrix of contracts for data transfers.
Security Practices
Our cybersecurity practices are in line with the Global NIST cybersecurity framework and recognized industry standards such as ISO 27001. We take pride in pursuing ways to enhance awareness, train and educate our workforce and foster a culture of data protection and privacy across the organization.
HCLTech maintains a robust Information Security Management System (ISMS) that holds both ISO 27001:2013 and ISO 27701 PIMS certifications, demonstrating next-level data protection.
Privacy Culture
HCLTech ensures a strong privacy-conscious culture through:
- Annual and as-needed trainings related to privacy and security
- Regular communications on privacy and its impact at work
- Global awareness campaigns and roadshows
- Continually earning certifications from recognized bodies
Meet Our Ecosystem Partners
Leaders’ Message
“As a leading edge, digital organization, it is imperative to have a well-governed privacy program to meet regulatory compliance demands and the ever-evolving risk landscape. HCLTech’s Global Privacy Office enables a sustainable, scalable, future-ready data governance framework, that ensures trust and transparency with our clients, partners, employees, and regulators.”
Kevin McGee
Corporate Vice President, Risk and Compliance, HCLTech
Responsible Data Management
and Governance
We strive to align our privacy practices with the organization’s environmental, social and governance (ESG) goals to ensure responsible data management.
HCLTech is recognized among industry leaders for our information security practices and data privacy standards which are annually attested and certified by independent bodies.
Our enterprise privacy policies, standards and disclosures ensure regulatory compliance and assure employees and stakeholders that our data handling is proper and ethical, thus further strengthening data governance.
We routinely demonstrate the effectiveness of our privacy program to the HCLTech board of directors who have direct oversight of our governance framework.
Global Privacy Office Whitepaper
Discover the far-reaching scope of our Global Data Privacy program
DownloadSubscribe to the HCLTech Newsletter
for our latest news and insights