As you may have heard, the General Data Protection Regulation (GDPR) will take effect on May 25, 2018. Many companies and consumers are wondering what GDPR is and how it will impact them. GDPR has been designed to provide individuals with greater control over how their personal data is collected, stored, transferred, and used, while also simplifying the regulatory environment across the European Union (EU). This new regulation will impact both organizations that conduct business in the EU, as well as businesses that maintain or process EU personal data. Entromy recognizes the importance of the evolving legal and regulatory landscape around information security and data privacy and remains firmly committed to GDPR readiness by no later than the effective date. Our ongoing compliance review and actions build on our existing investments in privacy, security, and the operational processes necessary to meet the applicable requirements of GDPR by May 25, 2018.
What is GDPR Compliance and Our Commitment to Security
Here are some ways Entromy is currently providing our customers assurances around the transfer of their personal data and achieving GDPR compliance:
Entromy maintains rigorous technical and organizational security practices and measures both in how we handle customer content, including any personal information located therein, but also in the capabilities our services and products to assist you in safeguarding your Content. We continue to evaluate industry standard practices with respect to data privacy and information security and strive to continuously meet or exceed those standards. To learn more about how we do this, please request our Information Security Policies and Procedures by reaching out to firstname.lastname@example.org. We also note that customer data provided to Entromy is encrypted in transit and at rest.
Data Processing Addendum (EU Standard Contractual Clauses):
We offer our customers a Data Processing Addendum (DPA), which incorporates the EU Standard Contractual Clauses (“SCCs,” also known as the EU Model Clauses) and include Entromy’s security policies as referenced above. The SCCs are a valid and recognized legal mechanism for ensuring that any personal data leaving the European Economic Area will be transferred in compliance with EU data-protection laws. Entromy continues to maintain the operational processes necessary to meet the stringent SCC requirements for the transfer of personal data to processors, which in turn allows us to provide our customers with contractual guarantees for the protection of their personal data. Entromy offers a DPA that includes GDPR-specific language to ensure that Entromy and our customers have appropriate GDPR-specific contractual provisions in place to allow for the legal transfer of personal data.