DataCore and GDPR
Prioritizing your trust—Sustaining our tradition of data security
Set to take effect in May 2018, the General Data Protection Regulation (GDPR) replaces the Data Protection Directive which has been law across the European Union for the past 20 years. Its mission is to harmonise the approach to data protection matters across Europe by establishing a single set of pan-European rules. We’re excited to help our customers understand how we are approaching this.
Why is GDPR important?
In order to ensure that the protection of personal data remains a fundamental right for EU citizens the aim of the GDPR is to modernise outdated privacy laws. The GDPR has the potential to impact any business that collects data in or from Europe. Significant fines of up to €20,000,000 or 4% of global annual turnover, whichever is greater, may be levied on organisations who fail to meet their obligations with respect to handling data under the GDPR.
What DataCore is doing?
Making continual adjustments and improvements to ensure we are best positioned to meet our legal obligations, and to assist our customers to do likewise is an integral part of how we operate on a daily basis. We see GDPR as affording us yet another opportunity to continue our tradition of protecting and giving you more control over both your organizational and personal data. We have outlined some specific aspects of our approach to preparing the processes, and building the infrastructure required for GDPR in this white paper. Download the white paper
Security is what makes DataCore trusted by 99% of the Fortune 500, and the #1 survey platform for business
DataCore is built for Enterprise with robust security features:
- Access control (authentication and authorization)
- Single sign-on support
- Data encryption at rest and in transit
- SOC 2-accredited data centers
- Continuous network and security monitoring
- Vulnerability management
- Incident response and recovery
- Security awareness training
- Periodic independent 3rd-party security reviews and penetration testing
- EU-US Privacy Shield certified
- PCI DSS 3.2 and HIPAA compliant
- HITRUST self-assessed
- Multiple data centers to guarantee a secure and highly available service at scale
- Select group of trusted security partners, to ensure our customers are always protected with the best-in-class security
Data retention
We empower all of our customers to control their data through their account. As long as your account is active, you have full control over the specific types of data, and length of time you hold such data. For example, you can delete a single individual survey response from your account if required to do so. We honour all deletions from an account, and all account data which has been expunged by you is permanently deleted from our back-ups.
Below is an abbreviated overview of just a few things related to what DataCore has and is planning to implement in support of GDPR. For more in-depth details on the information below please download the white paper.Security incidents
We have detailed security incident policies and procedures in place. We’re also committed to providing our customers with the information they need to meet their regulatory reporting obligations under GDPR.
Privacy basics
We are updating our Privacy Policy to be more succinct, easily navigable, and reflect the three million customers we serve daily, both self serve and Enterprise.
International data centre
We are aware that many of our customers with EU users and EU affiliates would prefer that their data be hosted in the EU. To address this, we are exploring the possibility of opening a Data Centre in the EU.
Updates to legal terms
We are making a number of changes to our customer-facing legal terms to include GDPR clauses and have already introduced these in our Enterprise terms. In advance of the 25 May deadline, we will introduce further updates.
Data minimisation and accuracy of your data
Privacy by design and privacy by default are an intrinsic part of our product planning and development.