Dropsuite GDPR Statement
Dropsuite Official Statement: EU GDPR Compliance
- Having our privacy practices independently assessed and certified
- Leveraging third-party companies to conduct annual penetration tests
- Dropsuite supports our customers’ need to be compliant with the new European Union General Data Protection Regulation (“GDPR”) that takes effect on May 25, 2018.
What is the GDPR?
The GDPR is the new European privacy law that replaces the EU Data Protection Directive. The law requires that business protect the privacy and personal data of EU citizens and transactions that occur within EU member states.
What is “Personal Data?”
Personal data is any information relating to an identified or identifiable natural person (‘data subject’) – an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
How We Have Prepared for GDPR
It is helpful to know where your customers are geographically located: The GDPR applies to EU citizens and transactions that occur within EU member states. Therefore, to ensure that you are compliant with these regulations, you must be able to determine where your customers are located.
- Ensure that appropriate consent is obtained: The GDPR favors the use of opt-in consent mechanisms (explicit consent) e.g. unselected checkbox over opt-out consent mechanisms (implied consent) e.g pre-selected checkbox. Additionally, data subjects (your customers) should be able to withdraw their consent as easily as it was given and have their personal data erased.
- Develop data breach response plans when personal data is involved: Organizations should have a clear, defined plan if personal data is breached. The GDPR requires that notice must be provided without undue delay and, where feasible, not later than 72 hours after having become aware of it. Dropsuite will notify affected customers without undue delay if we become aware of a data breach of our services.
- The GDPR requires that all personal data of EU entities are keep within the EU. Dropsuite by default, ensures that all data of its End Users is processed in a data centre located in the European Union.
Prepare for demonstration of compliance. GDPR requires that processors make available all information necessary to the controller to demonstrate compliance. Dropsuite shall upon request of the Partner provide to the Partner information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for, and contribute to, audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.
How Data never leaves the European Union
Dropsuite use Amazon Web Services and Google Cloud Platform to host the cloud infrastructure of our solution. Dropsuite has three datacentres in the EU. The region of datacentres in the EU are:
Data from EU users are stored in the datacentre in-region or if not available in-region, will be stored at the nearest datacentre within the EU.
Does Dropsuite currently provide any product features to assist end users with their GDPR compliance program?
- Account administrators can delete users from the account
- Cloud archived data can be managed and deleted
- The Admin can find and delete specific user data as necessary