At Certain, we care deeply about the security of our customers’ data and about ensuring our customers are able to easily comply with the most widely accepted privacy standards and regulations in the world.
Certain is already the most secure event automation platform in the world with security and protection frameworks in place including PCI DSS, HIPAA, SOX, SSAE16, Cloud Security Alliance, OWASP, and the EU-US Privacy Shield.
We have been actively working through the requirements and enhancing our products to enable our customers to comply with the GDPR when it becomes enforceable on May 25, 2018. Certain’s customer success teams will work with our customers to share and advise of any significant changes made to our products and services to support compliance.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen data protection for all individuals. It gives EU residents more control over their personal data and ensures their data is protected by organizations they interact with.
The aim of the GDPR is to unify data privacy laws across Europe to keep up with the massive advancement in technology over the past two decades. Personal data of individuals should be:
- Processed lawfully, fairly, and transparently to the individual
- Collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those
- Adequate, relevant, and limited to what is necessary for achieving those purposes
- Accurate and kept up to date
- Stored no longer than necessary to achieve the purposes for which it was collected
- Properly secured against accidental loss, destruction, or damage