Dropsuite GDPR Statement
Dropsuite Official Statement: EU GDPR Compliance
- Having our privacy practices independently assessed and certified
- Leveraging third-party companies to conduct annual penetration tests
- Dropsuite supports our customers’ need to be compliant with the new European Union General Data Protection Regulation (“GDPR”) that takes effect on May 25, 2018.
What is the GDPR?
The GDPR is the new European privacy law that replaces the EU Data Protection Directive. The law requires that businesses protect the privacy and personal data of EU citizens and transactions that occur within EU member states.
What is “Personal Data?”
How We Have Prepared for GDPR
- Ensure that appropriate consent is obtained: The GDPR favors the use of opt-in consent mechanisms (explicit consent), e.g. an unselected checkbox, over opt-out consent mechanisms (implied consent), e.g. a pre-selected checkbox. Additionally, data subjects (your customers) should be able to withdraw their consent as easily as it was given and have their personal data erased.
- Develop data breach response plans when personal data is involved: Organizations should have a clear, defined plan if personal data is breached. The GDPR requires that notice must be provided without undue delay and, where feasible, not later than 72 hours after having become aware of it. Dropsuite will notify affected customers without undue delay if we become aware of a data breach of our services.
- The GDPR requires that all personal data of EU entities are kept within the EU. Dropsuite, by default, ensures that all data of its End Users is processed in a data centre located in the European Union.
Does Dropsuite currently provide any product features to assist end users with their GDPR compliance program?
- Account administrators can delete users from the account
- Cloud archived data can be managed and deleted
- The Admin can find and delete specific user data as necessary