General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to improve data protection for all individuals within the European Union (EU).
Natero is aware of new GDPR requirements and restrictions and will be fully compliant with GDPR when it comes into effect on May 25, 2018.
To that end, some of the key actions we’ve taken to ensure compliance include:
Data Protection Officer
Appointment of a Data Protection Officer (DPO) to ensure that our policies and practices remain in compliance going forward and that we embrace a policy of data protection by design and by default.
Personally Identifiable Information
A complete review of our policies and practices surrounding storage of customer data to ensure that any Personally Identifiable Information (PII) is kept in a way that enables us to comply with the rights of individuals as provided under the GDPR.
Terms of Service
Updates to our Terms of Service to further clarify that our customers comply with the requirement to disclose Natero as a third-party data processor of their data. While this has always been a requirement of our Terms of Service, this is especially important under the new GDPR.
Privacy Shield Certification
While not a strict requirement of GDPR, we have also completed our Privacy Shield certification to ensure that we fully comply with EU requirements for the processing of customer data.
EU Data Center
We are also enabling our EU customers to keep all customer data within the EU to further ensure compliance around data storage.
If you have any further questions regarding Natero’s approach to GDPR, please feel free to contact us at firstname.lastname@example.org.