GDPR Compliance Policy 

1. Introduction

Devopstrio Ltd (“we”, “our”, “us”) is committed to protecting the privacy and personal data of our clients, employees, and partners. We comply with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and applicable data protection laws where we operate.

This policy outlines how we ensure compliance with GDPR principles and protect data subjects’ rights. 

2. Scope

This policy applies to: 

  • All employees, contractors, and consultants of Devopstrio Ltd.
  • All business activities involving personal data, including consulting, advisory, cloud, and digital transformation services.
  • Personal data of clients, website visitors, employees, and third parties. 

3. GDPR Principles

We process personal data in line with the seven key principles of GDPR:

  • Lawfulness, Fairness, Transparency – Processing data lawfully and clearly.
  • Purpose Limitation – Collecting data only for specified, legitimate purposes.
  • Data Minimisation – Collecting only data necessary for the purpose.
  • Accuracy – Ensuring personal data is accurate and up to date.
  • Storage Limitation – Retaining data only as long as necessary.
  • Integrity & Confidentiality – Protecting data with appropriate technical and organisational security.
  • Accountability – Demonstrating compliance through policies, audits, and governance.

4. Data Subject Rights

We respect and enable the rights of individuals under GDPR:

  • Right to access personal data.
  • Right to rectification of inaccurate data.
  • Right to erasure (“right to be forgotten”).
  • Right to restrict processing.
  • Right to data portability.
  • Right to object to processing.
  • Right to withdraw consent at any time.
  • Right to lodge a complaint with a supervisory authority (e.g., ICO in the UK).

5. Legal Basis for Processing

We process data based on: 

  • Contractual necessity – to deliver our services.
  • Legitimate interests – to improve operations and security.
  • Legal obligations – to comply with statutory requirements.
  • Consent – for marketing or optional communications. 

6. Data Protection Governance

  • Data Protection Officer (DPO): [Assign if required, otherwise a Compliance Officer].
  • Records of Processing Activities (ROPA): Maintained as per GDPR Article 30.
  • Data Protection Impact Assessments (DPIAs): Conducted for high-risk processing.
  • Training & Awareness: All employees receive GDPR training. 

7. Security & Technical Measures

We apply appropriate safeguards including: 

  • Encryption and secure transmission of data.
  • Access controls and role-based permissions.
  • Regular security audits and monitoring.
  • Incident response and breach notification processes.

8. Data Breach Notification

In the event of a data breach: 

  • We will notify the ICO (UK) within 72 hours (where required).
  • Data subjects will be informed without undue delay if their rights are at high risk.
  • All incidents will be documented and investigated.

9. International Data Transfers

When transferring data outside the UK/EU (e.g., to the US or India), we ensure:

  • Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements (IDTAs) are in place.
  • Additional safeguards such as encryption and data minimisation.
  • Vendor due diligence for compliance assurance. 

10. Data Retention 

  • Personal data is kept only as long as necessary for business or legal purposes. A Data Retention Schedule is maintained to govern deletion timelines.

 11. Third-Party Processors

  • We use third-party vendors (e.g., cloud providers, IT service firms) under strict Data Processing Agreements (DPAs) to ensure GDPR compliance.

12. Roles & Responsibilities 

  • Board of Directors: Ultimate accountability for GDPR compliance.
  • Compliance/DPO: Oversees GDPR obligations and training.
  • Employees: Must adhere to GDPR practices in daily operations. 

13. Review & Updates

  • This policy will be reviewed annually or sooner if regulatory changes occur. Updates will be communicated to all employees and stakeholders. 


14. Contact Us 

For GDPR or data protection queries: 

Devopstrio Ltd – Data Protection Office 

UK Office: 128 City Road, London, EC1V 2NX.

US Office: 522 Aventura Dr, Mt Juliet, Tennessee - 37122.

India Office: Embassy Golf Links Business Park, Bengaluru, Karnataka.

                       Primus Building, Door No. SP – 7A, Guindy Chennai, Tamil Nadu.

                       Rajeev Nagar, Pasuvanthanai, Thoothukudi, Tamil Nadu.

🌐 Website: www.devopstrio.co.uk