Data Privacy
Responsible use of personal data & AI
Agenda
01. Data Privacy @ Nagarro
02. Responsible use of Data
03. Responsible use of AI
Data Privacy @ Nagarro
+ Importance of Data Privacy
+ Nagarro Data privacy program
+ Nagarro’s Global Privacy policies
+ “Who’s Who” in data protection world?
+ Nagarro’s Data Privacy Gospels
Data Privacy
Understanding the importance of data privacy
Privacy is a fundamental right
+ Several Constitutions include Privacy as a fundamental right of a person to keep their personal life private and away from public eyes
The user is owner of their data
+ Personal data means someone’s life and their choices as to how they decide to live life.
+ Sensitive data means the important aspects of someone's life, such as health information, political opinions, religious belief, lifestyle, financial status etc.
To protect privacy, we must protect personal data
+ The more sensitive the personal data is, the greater the risk of harming the person if the data is unlawfully used
+ Identity theft is the biggest concern. If someone knows your personal data, they can use it against YOU!
Nagarro privacy program
Nagarro’s data privacy program is based on the GDPR principles to
promote user privacy and maintain customer trust.
+ Nagarro has a Global Privacy Strategy that lays the foundation for the Data Privacy program for the entire organization.
+ Nagarro maintains Data Privacy Page, which is available on SharePoint for all Nagarrians.
+ Nagarro has devised a PRISM framework to put privacy into practice and implement it via the FALCON tool and other checklists and guidelines.
+ Nagarro’s Privacy by Design approach provides guidance on how to approach privacy in different phases of the project lifecycle.
*GDPR – General Data Protection Regulation - EU Privacy law
Nagarro’s Global Privacy policies
Learn more about the Nagarro data privacy policies
+ Nagarro, as a Data Controller – when Nagarro processes personal data for its business purposes. Check out the Global Privacy Policy – Data Controller: Click here
+ Nagarro, as a Data Processor – when Nagarro processes data on the client’s behalf. Check out the Global Privacy Policy – Click here
+ Nagarrian, as a data subject – your privacy is paramount to us and you. Check out the Global Privacy Policy - Click here
+ Global Privacy Council provides guidance on privacy-related matters at the global level. DPOs (Data Protection Officers) are
assigned to each Nagarro entity to support local teams. Reach out to [email protected] for privacy-related matters.
Nagarro Data Privacy Page
Data Privacy Risk Assessment & Data Privacy Plan Tool
“Who’s Who” in data protection world?
Controller, Processor, Data Subjects
CONTROLLER
Defines the “purpose” and “means” of processing of personal data in products and services.
A controller is overall accountable for data protection obligations.
+ Our clients, who initiate the scope of work that involves processing personal data
+ Nagarro, who initiates employee personal data processing for employment-related purposes
PROCESSOR
Processes personal data on behalf of, and on the instructions of, the Controller.
A processor is responsible for following the controller’s instructions as per the data processing agreement.
+ Nagarro, who provides services to our clients that involve data processing
+ Nagarro vendors, who provide services to Nagarro such as background verification and payroll services etc.
DATA SUBJECT
A person whose personal “data” is being collected and processed.
A data subject is the owner of their data and can exercise data subject rights (access, edit, delete, etc.).
+ Our Clients. Example: End users of their products and services are data subjects
+ Nagarro. Example: Nagarrians, business leads, visitors etc. are data subjects
Nagarro’s Data Privacy Gospels
Learn more about Nagarro’s data privacy practices
The Data Privacy Gospels provide us guidance on data
protection principles to bring “Privacy in Practice.”
Nagarro Privacy Gospels
Follow Nagarro’s data privacy gospels when processing personal data.
+ (No) Reuse of data
+ Reduce exposure to data
+ Restrict data storage
+ Refrain from data transfer
+ Respect user privacy
+ Respond to data requests
+ Report privacy breach
+ Recover from data breach
Check out the fun video: Nagarro Privacy Gospels
Responsible use of personal data
Do’s of responsible use of personal data
Responsible use of data
Use data only for the purpose that is required to do the job at hand
Restrict access only to limited team members on a need-to-know basis
Regularly review access to personal data and document it
Enable data masking and encryption to minimize the exposure of personal data
Enable multifactor authentication (MFA) to access personal data
Implement Data Loss Prevention (DLP) on laptops that store or are used to access data
Implement data protection controls as agreed with the client in the contractual documents
Sign a Data Protection Agreement (DPA) before data access or transfer with clients and vendors
Complete the FALCON Privacy Risk Assessment and Data Privacy Plan
Reach out to the Global Privacy team ([email protected]) for any questions
Don’ts of responsible use of personal data
Don’t modify personal data
Don’t make copies of personal data
Don’t download personal data on your laptop
Don’t share your credentials with other team members to access personal data.
Don’t use personal data for testing purposes.
Don’t share personal data with any party without written approval from the client.
Don’t contact the users whose data you have access to
Don’t merge personal data with other data sets obtained from third parties
Don’t try to re-identify the anonymized or de-identified data using any techniques
Don’t use third-party libraries or APIs which can expose personal data
Responsible use of AI
“Technology is neither good nor bad; nor is it neutral.
It rests in the hands of those who create, develop, design,
implement it whether to use it for benefits or harm.”
Melvin Kranzberg
Responsible use of AI
Nagarro’s principles of safe use of AI
With the increasing integration of AI into our business
services, it is our responsibility to:
+ Maintain trust and accountability in the development
and deployment processes
+ Comply with AI, security, and privacy regulatory
requirements
Be Human
+ Respect human rights
+ Privacy laws
+ Keep humans in the loop
Be Safe
+ Build security and resilience of the AI System
Be Responsible
+ Implement transparency
+ Set accountability
Be Fair
+ Protect the individual from discrimination and social harms
Be Respectful
Ensure human rights, privacy laws, and democratic values are respected
Ensure the training data is collected lawfully from trustworthy data sources
Enable data privacy practices such as notice, consent, and data subject rights fulfillment
Ensure that training data is accurate, consistent, reliable, and up to date
Keep humans in the loop to retain control in the high-risk AI system to prevent errors in decision-making
Establish a mechanism for users to provide feedback and challenge the outcome of the AI system
Be Safe
Put in place security controls to safeguard input data, output data, and training data
Protect the AI system from unauthorized access and targeted attacks
Identify vulnerabilities and prevent exploitation of the vulnerability
Build resiliency into the AI system against faults and errors
Be Responsible
Set accountability to uphold the responsible use of AI systems from development to deployment
Responsibly choose the right foundational model and AI algorithm for an AI system
Perform rigorous testing of an AI system to ensure an unbiased outcome
Monitor AI system performance to review the outcome and take risk mitigation measures, as required
Establish a mechanism to enable traceability and the auditability of AI systems.
Conduct AI Impact assessment and maintain documentation of the risks and key decisions
Be Fair
Disclose the use of AI systems to individuals to make them aware
Enable users to interpret AI system output and decision process with proper documentation
Ensure the AI decision-making is not biased and mitigates the risks of discrimination and social harms
Ensure the accuracy and inclusiveness of the AI system output
Responsible use of AI
Trust is becoming pivotal in this data-driven AI world
Nagarro’s principles for responsible use of AI provide us
the foundation to gain the necessary trust from customers,
other stakeholders and the community at large.
Thank you