Entytle – GDPR Readiness
After years of comments and drafts, the European Union’s General Data Protection Regulation (“GDPR”), the most comprehensive privacy regulation of the last twenty years, will take effect on May 25, 2018. At Entytle, we welcome the transparency and will continue to ensure our customers’ data is secure, including compliance with the GDPR. We know the requirements of the GDPR are complex, and that our customers need to know if we will be ready. We have already made significant progress and are committed to being fully compliant with GDPR.
Leading in Privacy and Security
With our SOC 2 compliance, we have demonstrated our firm commitment to complying with security, confidentiality and privacy regulations. Over the last year, our team of privacy and security experts has been busy evaluating our product, reviewing our vendors, and auditing our privacy and security programs to see what changes needed to be made.
On the security front, before even setting out on an audit of our systems, we knew customer data would be encrypted both in transit (using TLS) and at rest (using AES 256.) Our systems were designed to automate scans that regularly check for security vulnerabilities and make us aware of issues that would require additional review by a member of our security team. As a result, Entytle has a firm security foundation to continue to improve upon.
In addition to augmenting our security program, here’s what we’ll be doing to support all of our customers in their GDPR compliance efforts.
Data deletion and export features
The GDPR empowers “data subjects,” the individuals from whom the data has been collected, to control who has their data. Today, we already provide rich data export functionality and the ability to delete customer data. Requests for data deletion and export can be made through your designated Entytle Customer Success Manager, or via support@entytle.com
Comprehensive review of vendors
We know we have an important responsibility when it comes to scrutinizing the vendors we use to help us provide our services to our customers. Part of our readiness plan is making sure our contracts adequately address the security, privacy, and confidentiality of our customers’ data under GDPR; you can be confident that our vendors have undergone a thorough privacy and security review by Entytle’s legal and security teams. We’ve also ensured your data is stored with an industry leader with a robust security program and appropriate security certifications.
Updated Data Protection Terms
We are committed to the protection of all of our customers’ data and the lawful use and processing of that data. With the arrival of the GDPR, we will update our DPA to ensure compliance with all GDPR-specific requirements and will offer our enhanced DPA to all Entytle customers. The revised DPA will supplement our Terms of Use and provide contractual safeguards to our customers for the processing of the personal data sent through Entytle, enabling these customers to be compliant with the GDPR.
In addition, we have identified the following areas where we’ll also make improvements:
- Privacy and security awareness program: We have a comprehensive, company-wide privacy and security awareness program. Every Entytle employee, regardless of whether they access customer data, will receive important and up-to-date training on data privacy and security.
- New subscribe features: To ensure that our marketing practices follow the GDPR rules, we’re enhancing our subscribe/control feature in our newsletters, blogs, and emails. We want our customers to receive the information they want, when they want. Now you can make sure you’re getting the latest product and company updates from us, and not getting information you don’t want.
- Centralized privacy & compliance information: More improvements from our legal, security, and compliance teams are coming. We are excited to announce that we are launching a new webpage during the second half of this year that will provide easy, centralized access to relevant compliance and security documents, including updates on our GDPR efforts. This page will have links for customers to review our DPA, or learn more about Entytle’s security program and controls, as well as provide links to our Terms of Use, and information on our Security program.
The privacy landscape is changing fast and we take very seriously the immense responsibility of caring for our customers’ data.
If you would like more information or have follow-up questions please reach out to us at gdpr@entytle.com