In the last three blogs of our GDPR series, we examined the impact of the GDPR on your organization, Spanning and SaaS providers in general. In this blog we take a look at our journey to GDPR compliance and provide you with tips for your own organization.
Our Journey to GDPR Compliance
As of February 2018, all Spanning products and services are compliant with the GDPR. The privacy and security of the data we protect with our SaaS backup solutions for G Suite, Office 365, and Salesforce is of paramount importance to us.
Some insights from our journey to compliance:
- Mapped data workflows: We charted our incoming and outgoing data flows, and granularly accounted for specific data types.
- Coordinated with vendors: We worked with our platform partners – Google, Salesforce, and Office 365 – to ensure coordinated compliance. When we work with third parties to process data on our behalf, we ensure that we have appropriate terms in place to comply with the GDPR and safeguard our data.
- Learned about our customers’ compliance requirements: Using surveys and focus groups, we learned the compliance needs of our subscriber customers. Where required, we refreshed any necessary contractual obligations to align with the GDPR.
- Understood the extent of our data protection responsibilities: We compartmentalize data based on whether we are processing it or transferring it, and where we would be considered a controller of data. Based on that, we can segregate the GDPR requirements and the extent of our responsibilities.
- Fine-tuned our internal processes and policies: We developed an internal process and solution to meet our customers’ needs while complying with the intent of the regulation.
- Staying on our toes: Regulatory guidance on the GDPR from European data authorities is still evolving, and we are closely monitoring how the GDPR’s personal privacy rights will be interpreted in the context of the data protection services we provide.
The journey to GDPR compliance is, in many ways, an ongoing one. Keeping abreast of its interpretations in the next few months will be central to staying compliant.
Join me on May 22 at 10 am CT for “The Future of GDPR: Compliance beyond Deadline Day” Keynote Panel by BrightTALK.
The interactive Q&A panel discussion will cover:
– The intersection of GDPR, privacy and cybersecurity
– How GDPR affects data governance, breach disclosures and overall data protection
– Recommendations for improving your organization’s cyber resilience
Register for this free webinar here.
*** This is a Security Bloggers Network syndicated blog from Spanning authored by Brian Rutledge. Read the original post at: https://spanning.com/blog/countdown-gdpr-9-spanning-preparing-gdpr/