At Certain, we care deeply about the security of our customers’ data and about ensuring our customers can easily comply with the most widely accepted privacy standards and regulations in the world.
Certain is already the most secure event automation platform in the world with security and protection frameworks in place including PCI DSS, HIPAA, SOX, SSAE16, Cloud Security Alliance, OWASP, and the EU-US Privacy Shield.
We have been actively working through the requirements and enhancing our products to enable our customers to comply with the GDPR when it becomes enforceable on May 25, 2018. Certain’s customer success teams will work with our customers to share and advise them of any significant changes made to our products and services to support compliance.
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen data protection for all individuals. It allows EU residents more control over their personal data and ensures their data is protected by the organizations they interact with.
The aim of the GDPR is to unify data privacy laws across Europe to keep up with the massive advancement in technology over the past two decades. Personal data of individuals should be:
European Union Law that holds organizations accountable on data privacy
Strengthens the regulation that protects personal data; has severe penalties
Applies to EU citizens and residents
Ensure equal protection of privacy rights in the EU
Goes into effect May 25th, 2018
Any info relating to an identified or “identifiable” natural person
The GDPR applies to the processing of an EU citizen’s or resident’s personal data, whether or not the processing takes place in the EU.
Recitals
Recitals explain why the GDPR “law” is going into effect and what it is intended to achieve (173 recitals in total).
Articles
Articles are the actual rules and requirements we must comply with (99 articles in total).
An organization that has relationships with Data Subjects and “processes” their personal data
For our Customers, Certain is a “Data Processor”
A third party that works for a Data Controller and processes personal data on behalf of the Data Controller
Addressing Key Requirements – How is Certain Readying for GDPR Compliance?
Trust is one of the cornerstone values at Certain. As such, we are committed to the security of our customers’ data and their customers’ data. To meet GDPR compliance, we are taking a principled approach by being transparent about the uses of data within our solution.
The right of access to personal information
The General Data Protection Regulation (GDPR) requires that an individual be able to obtain a copy of their data in a standard (machine-readable) format. Certain gives customers full control over their data and easy ways to access it.
The right to rectification
Under the GDPR, an individual can ask you to rectify any incorrect personal information held about them. Certain enables its customers to quickly find and edit an individual’s details, and make them available in the desired format.
The right to be forgotten
Under the GDPR, an individual can ask you to remove their personal data. Certain is providing tools to its customers to remove all personally identifiable information for individuals as and when requested.
Additional questions about GDPR and how Certain is working toward compliance? Please contact your Customer Success Manager.