
Data Security and Compliance (GDPR, CCPA)


Overview

SeqSMART was designed with data protection, regulatory compliance, and institutional trust at its core.
Handling sensitive genomic and clinical information requires a secure framework that not only protects user data but also ensures full compliance with global privacy regulations.

This article outlines how SeqSMART meets these standards through its architecture, data-handling practices, and governance model.


1. Compliance Framework

SeqSMART complies with the key international data-protection frameworks relevant to genomic data processing:

  • General Data Protection Regulation (GDPR – EU 2016/679)
    Ensures lawful, fair, and transparent processing of personal and genomic data within the European Economic Area.
  • California Consumer Privacy Act (CCPA – 2018)
    Provides transparency and control for users in the United States regarding personal data access and deletion.

SeqSMART continuously monitors regulatory updates and adjusts internal policies to maintain alignment with evolving global standards.


2. Data-Handling Principles

All SeqSMART operations follow strict, auditable principles for secure data management:

  1. Data Minimization – Only essential information required for analysis is collected and stored.
  2. Purpose Limitation – Data is processed solely for genomic interpretation and related research workflows.
  3. Transparency – Every data point and process is traceable through system logs.
  4. Access Control – Only authorized users (as defined by role-based permissions) can access sensitive information.
  5. Retention and Deletion – Data is stored only for the period required by institutional or contractual obligations and can be securely deleted upon request.

3. Security Layers and Encryption

SeqSMART enforces multiple security layers at both the infrastructure and application level:

  • Encryption in transit and at rest using industry-standard protocols (TLS 1.3, AES-256).
  • Role-based authentication with strong password and token management.
  • Two-factor authentication (2FA) support for institutional users.
  • Continuous audit logging of user actions, case modifications, and access events.
  • Automated backups and integrity checks for all genomic data.
  • Isolation of analysis environments in multi-tenant deployments.

These mechanisms ensure that no unauthorized party can access or modify genomic data, either during processing or in storage.


4. Institutional Deployment and Data Sovereignty

SeqSMART supports local and hybrid deployments to satisfy institutional and national data-sovereignty requirements.

  • Institutions can host the entire platform on-premise or within their private cloud infrastructure.
  • All genomic data and metadata remain under the direct control of the hosting organization.
  • Administrators can define where data is stored, how backups are managed, and how long records are retained.

This flexibility guarantees that SeqSMART can operate under diverse regulatory environments while maintaining full compliance with local and international policies.


5. User Rights and Access Control

SeqSMART fully respects user and institutional rights defined by GDPR and CCPA, including:

  • Right of access – Users can request a full record of their stored data.
  • Right of correction – Incorrect or outdated information can be rectified.
  • Right of deletion – Data can be permanently deleted upon authorized request.
  • Right of restriction – Processing can be limited to specific purposes when necessary.
  • Right to data portability – Data can be exported in structured, commonly used formats (e.g., JSON, VCF, CSV).

Requests related to these rights can be initiated directly through the SeqSMART administrative dashboard or by contacting the SeqSMART compliance team.


6. Institutional Responsibility

SeqSMART acts as a data processor for its institutional clients, who remain the data controllers under GDPR and CCPA definitions.
This means:

  • SeqSMART provides the technical and procedural safeguards for secure processing.
  • Institutions determine what data are uploaded, processed, or deleted.
  • Every operation is logged to ensure full accountability and traceability.

7. Transparency and Continuous Compliance

To maintain transparency, SeqSMART regularly reviews its infrastructure and internal security procedures.
Routine audits, vulnerability assessments, and software updates are conducted to guarantee ongoing compliance with data-protection requirements and ISO-aligned security standards.


8. Reference Documents

For detailed legal terms and data-handling clauses, please refer to the following official documents:

  • Terms of Service
    Defines user responsibilities, acceptable use, and institutional agreements.
  • Privacy Policy
    Describes in detail how SeqSMART collects, stores, and protects personal and genomic information.

SeqSMART provides a comprehensive, regulation-compliant environment for genomic data analysis.
Through encryption, access control, and institutional flexibility, it safeguards every aspect of data integrity and privacy while meeting GDPR and CCPA obligations.

SeqSMART Compliance Principle:
Secure by design, compliant by commitment.


© 2025 SeqSmart. All Rights Reserved.
