General Data Protection Regulation
Regulation (EU) 2016/679
At Certain, we care deeply about the security of our customers’ data and about making it straightforward for our customers to comply with the most widely accepted privacy standards and regulations in the world.
Certain already maintains security and compliance controls aligned with PCI DSS, HIPAA, SOX, SSAE 16, Cloud Security Alliance guidance, OWASP guidance, and the EU-US Privacy Shield.
We have been actively working through the GDPR’s requirements and enhancing our products so that our customers can comply with the regulation when it becomes enforceable on May 25, 2018. Certain’s customer success teams will work with our customers to communicate any significant changes made to our products and services in support of compliance.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation adopted by the European Parliament and the Council of the European Union, on a proposal from the European Commission, to strengthen data protection for individuals in the EU. It gives those individuals more control over their personal data and requires the organizations they interact with to protect it.
The GDPR replaces the 1995 Data Protection Directive and harmonizes data protection law across the EU, bringing it up to date with two decades of technological change. Under its data protection principles (Article 5), personal data must be:
- Processed lawfully, fairly, and transparently to the individual
- Collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those
- Adequate, relevant, and limited to what is necessary for achieving those purposes
- Accurate and kept up to date
- Stored no longer than necessary to achieve the purposes for which it was collected
- Properly secured against unauthorized or unlawful processing and against accidental loss, destruction, or damage
Who is in scope of GDPR?
The GDPR applies to the processing of personal data of individuals in the EU, regardless of their citizenship. It covers processing carried out in the context of an organization established in the EU, whether or not the processing itself takes place in the EU, as well as processing by organizations outside the EU that offer goods or services to, or monitor the behaviour of, individuals in the EU (Article 3).
Breaking it down — The GDPR consists of:
Recitals explain the intent behind the regulation and what it aims to achieve (173 recitals in total).
Articles are the binding rules and requirements that organizations must comply with (99 articles in total).
Who’s Who for GDPR?
Data Controller – Customer
The organization that determines the purposes and means of processing personal data. Our customers have the relationship with the Data Subjects (for example, event registrants and attendees) and decide why and how their personal data is processed.
For our Customers, Certain is a “Data Processor”
Data Processor – Certain
A third party that processes personal data on behalf of, and on the documented instructions of, the Data Controller (Article 28).
What is Certain Doing to Prepare?
Addressing Key Requirements – How is Certain Readying for GDPR Compliance?
Trust is one of the cornerstone values at Certain. As such, we are committed to the security of our customers’ data and their customers’ data. To meet GDPR compliance, we are taking a principled approach by being transparent about how data is used within our solution.
The right of access to personal information
The General Data Protection Regulation (GDPR) gives an individual the right to obtain a copy of the personal data held about them (Article 15) and, where processing is based on consent or a contract and carried out by automated means, to receive that data in a structured, commonly used, machine-readable format (Article 20, the right to data portability). Certain gives customers full control over their data and straightforward ways to retrieve it.
The right to rectification
Under the GDPR, an individual can ask you to correct any inaccurate personal data held about them (Article 16). Certain enables its customers to quickly find and edit an individual’s details and to export them in the required format.
The right to be forgotten
Under the GDPR, an individual can ask you to erase their personal data (Article 17), subject to the exceptions in Article 17(3), such as data that must be retained to meet a legal obligation. Certain is providing tools that let its customers erase an individual’s personal data when such a request is received.
Have additional questions about the GDPR and how Certain is working toward compliance? Please contact your Customer Success Manager.