Data privacy and security is fundamental in Ledidi Core. This guides all functional and technical design choices. Also, adherence to privacy laws and regulations, and national and internationally recognised compliance frameworks, is a crucial component of our continuous work to provide a secure platform at the highest standards for sensitive data.
Features in Ledidi Core that are designed to enhance privacy
-
Privileges and Role-Based Access Management
All privileges at the user level and for roles are by default turned off. This means that access to all primary data and aggregated data (in the analysis module) is by default denied until the project owner actively assigns access for project collaborators. Access management can be further controlled at a granular level by using other features such as statuses and privileged access to specific variables.
-
Privacy-Preserving Data Analysis
Ledidi Core is designed for collaboration and sharing of sensitive data through the means of Privacy-Preserving Data Analysis. Using privileges and roles for data access management, the platform is specifically designed for collaboration and sharing of aggregated data without exposure of the underlying primary data that may contain sensitive personal information or data that should be protected for other reasons.
-
Data Processing Addendum
Ledidi offers a EU GDPR-compliant Data Processing Addendum (DPA), which enables all users and customers to comply with EU GDPR. The DPA supplements the Ledidi Subscription Agreement and the Terms of Service governing the use of the Ledidi services.The DPA applies automatically to all users and customers globally who require it to comply with the GDPR whenever our users and customers use our services to process personal data, regardless of which data protection laws apply to that processing.
-
Compliance with GDPR, HIPAA and ISO 27001
Ledidi is compliant with EU GDPR. We use state of the art technologies and organisational measures for data protection and the platform is designed according to the principle of privacy by design and default. We also comply with US HIPAA (Health Insurance Portability and Accountability Act) regulations and undergo regular auditing. Ledidi is ISO 27001 certified, and we continuously work to improve and maintain the highest standards for data privacy and protection, which includes adhering to other relevant national and international data privacy and security frameworks as well as undergoing relevant certifications such as the National Data Guardian (NHS)'s data security standards.
Details on the compliance certificates obtained by Ledidi can be accessed and downloaded via the Ledidi Trust Centre.
-
Two-Factor Authentication
Two-factor authentication is mandatory to prevent unauthorised access to user data. When logging onto the platform, users are required to enter time-sensitive verification codes from an authenticator app of their choice (typically Google Authenticator or Microsoft Authenticator). We have compiled this guide to help new users get started with two-factor authentication when accessing Ledidi Core for the first time.
Ledidi Core can also be integrated with institutional authentication infrastructure with Single Sign-On (SSO).