Strong board and executive management commitment to DXC's compliance with privacy law through appropriate organizations and programs.
DXC’s Ethics and Compliance
- The Ethics and Compliance organization’s charter and responsibilities are evidenced by Board resolution, which assigns day-to-day management responsibility for DXC’s ethics and compliance program to DXC’s Vice President, Ethics and Compliance.
- The Ethics and Compliance Mission: Promote throughout the global DXC Technology community a culture of performance with integrity that encourages ethical conduct and values, and drives compliance with the Code of Business Conduct, internal policies, and the law.
DXC's Global Privacy and Data Protection Office (PDPO).
- Led by DXC’s Group Data Protection Officer based in the European Union (EU), DXC's global PDPO is a well-resourced and qualified strategic compliance function that operates under the authority of DXC's Ethics and Compliance organization.
- The PDPO is responsible and accountable to advise DXC's businesses on best practices in privacy compliance, and to develop policies, procedures, training, risk assessment and monitoring programs that enable DXC to provide adequate levels of personal data protection for its clients, employees and other relevant individuals in all geographies and jurisdictions the world over.
Compliance Policies, Standards, and Processes.
- A strong, globally applicable Privacy and Data Protection Policy which reflects the Generally Accepted Privacy Principles ("GAPP") applicable to the collection, use, storage, and processing of personal data.
- Comprehensive and cohesive compliance standards, processes, and procedures, which ensure consistent privacy and data protection across all of DXC's legal entities and businesses.
Employee Training and Awareness
- DXC takes a holistic approach to ensure privacy-aware employees throughout the employment lifecycle including new-hire instructions, annual awareness briefings, targeted training for high-risk populations, and periodic awareness messaging.
Strong Risk Management Programs
- In light of the inherent exposures to DXC's operational and strategic goals, DXC is committed to ensuring that risk management is a core competency, and an integral part of DXC's business operations that supports and informs reliable, quality decision making.
- Subject to the Chief Risk Officer’s management and direction, the resources in both the Ethics and Compliance organization and its Privacy and Data Protection Office are integral parts of DXC's overall risk assessment program and posture, which includes internal and external audit and monitoring functions.
- With regular privacy risk assessments, the PDPO monitors emerging exposures and remediates weaknesses in an effort to constantly mature DXC's compliance capabilities.
A consistent Privacy Impact Assessment program is carried out on new and changed services, systems, and processes, aiming to disclose potential issues before they become a problem.
Formal data breach handling procedures and a robust 24/7 operated incident response center supplement regulatory and contractual notification requirements, enabling constant vigilance and readiness in case of a crisis.
Strong, Collaborative Cross-Disciplinary Partnerships
- Inclusive of key internal stakeholders, including strong collaborative ties to DXC’s information and physical security, legal, human resources, and key business unit personnel without whom strict compliance with privacy laws is not possible.
Flexible Service Delivery Model
- A strong and robust global service delivery model that is flexible enough to meet the privacy requirements of the highly sensitive, regulated, and classified data environments.
Formal Dispute Resolution Mechanism
- A one-stop point of contact for our employees and clients for any privacy related matters regardless of the geography, business, or service. If you have specific concerns or requests, please feel free to send an email to firstname.lastname@example.org.