Why Sigma?

Security & Privacy

Data is an important asset that needs protection and may be subject to privacy regulations

Sigma is ISO27001 Certified and 100% GDPR Compliant

We have the most rigorous data security and privacy procedures in the industry.

Data security is crucial in data collection and annotation. Data can contain sensitive information. Whether the data contains personal information or other confidential information types, it has to be protected. Even when data is non-confidential, it is a company asset that needs protection since it takes time and resources to obtain and, therefore, provides a competitive advantage.

Data security requires many technologies, procedures, and measures to protect data from intentional or accidental destruction, modification, disclosure, or theft. Data security can be divided into two main areas: cybersecurity and physical security.

Cybersecurity includes technologies, processes, tools, and practices that ensure the protection of computers, servers, communications, mobile devices, and data from malicious attacks. It also controls and registers access to the company’s electronic resources.

On the other hand, physical security, generally speaking, protects people and property. In the context of data, it includes security measures to protect computers, communications, and storage devices physically and prevent on-premise unauthorized access to the data.

Sigma takes security very seriously, so it has the ISO27001 certification and has developed several technologies and protocols to satisfy all security customer needs.

Data Privacy: While the demand for data is growing, processing of personal data increasingly requires compliance with more stringent regulations, whose roles are to ensure that AI technology can progress while protecting personal data. The European General Data Protection Regulation (GDPR) is, to our knowledge, the strictest data protection regulation.

The essence of GDPR is that personal information has to be used in a way that protects the privacy of the data subject in the best possible way and that each person has the right to decide how his/her personal data is utilized.

In summary, it requires to:

  • Control the personal data, to be clear about what the data is going to be used for, and, at the moment of data collection, to explain clearly this use of personal data to the subject, so the person can make an informed choice on whether or not to consent to the data collection.
  • Limit the data collection to the minimum necessary for achieving the goal for which the data is going to be collected and processed
  • Inform data subjects on who is the data controller, how to contact the data controller, the legal basis for processing the data, what categories of personal data are going to be processed, and the data subject’s rights.
  • Document how the data protection requirements are met.

GDPR compliance requires expert legal advice in the area, or outsourcing the data collection and annotation to companies, such as Sigma, that is GDPR compliant and has specialized personnel to undertake personal data projects.