Empuls maintains documented incident response and data subject request procedures covering breach detection, notification, mitigation, and the full range of individual rights — including access, correction, deletion, and restriction of personal data — in compliance with GDPR and other applicable privacy laws.
Privacy Breach Detection and Response
Empuls operates a structured incident response programme designed to detect, investigate, and contain privacy breaches within defined timeframes. When a potential breach is identified — through automated monitoring, internal reporting, or a third-party notification — Empuls initiates a triage process to assess scope, severity, and the categories of personal data involved.
Once a breach is confirmed, Empuls follows documented notification procedures aligned with GDPR and other applicable privacy regulations. This includes reporting to relevant supervisory authorities within the mandated timeframe and, where required, notifying affected individuals with a clear account of what occurred and what protective steps they should take.
Mitigation runs in parallel with notification. Empuls isolates affected systems, remediates identified vulnerabilities, and conducts a root-cause analysis to prevent recurrence. These controls are independently audited as part of Empuls’s ISO 27001 certification and SOC 2 Type II compliance programme, providing third-party verification that incident handling meets rigorous security standards.
Data Subject Requests
Empuls supports the full range of data subject rights recognised under applicable regulations. Any individual whose personal data Empuls processes can submit a formal request for access (obtaining a copy of their data), correction (updating inaccurate records), deletion (erasing data where no valid processing basis remains), or restriction (limiting processing while a dispute is resolved).
Requests are logged through a dedicated intake process and assigned to the appropriate privacy team member. Empuls acknowledges requests promptly and completes them within the timeframes stipulated by applicable law — typically 30 days, with a single extension available where the complexity of the request warrants it.
Requests Across Integrated Systems
When Empuls is connected to an HRIS such as Workday, SAP SuccessFactors, or Darwinbox, some personal data originates in the source system and synchronises into Empuls on a recurring basis. For correction or deletion requests in these environments, Empuls coordinates with the customer’s HR or IT team to ensure changes are applied consistently across both systems, preventing data conflicts after subsequent synchronisation cycles run.
For organisations that have enabled Empuls’s integrations with Slack or Microsoft Teams, breach notifications and data subject request acknowledgements can be routed through those channels, reaching employees in the tools they already use and reducing response friction during time-sensitive incidents.
Compliance Assurance
Empuls reviews and updates its privacy breach and data subject request procedures in line with changes to applicable regulations and the findings of its annual ISO 27001 and SOC 2 Type II audits. Customers can request relevant documentation through their account team to support their own compliance assessments or vendor due-diligence processes.
Learn more: Empuls Help Centre — General
Data Retention and Deletion Policies
Understand how long Empuls retains different categories of personal data and how deletion is enforced at contract end or upon request.
Security Certifications: ISO 27001 and SOC 2
Learn how Empuls’s ISO 27001 and SOC 2 Type II certifications validate its security and privacy controls through independent audits.