General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) aims to strengthen personal data protection in Europe, and affects the way we all do business. Compliance with GDPR is a top priority for Dataddo and our customers. Dataddo can be a key facilitator on your GDPR journey with our customer-centric approach to data protection, control, and compliance.
What is GDPR?
The GDPR is a European privacy law that became enforceable on May 25, 2018. The GDPR replaces the EU Data Protection Directive and is intended to reconcile data protection laws throughout the European Union (EU) by applying a single data protection law enforceable across every member state. The GDPR does the following:
- Regulates how businesses can collect, use, and store personal data
- Builds upon current documentation and reporting requirements to increase accountability
- Authorizes fines on businesses that fail to meet its requirements
Who is impacted by the GDPR?
The GDPR applies not only to organizations established within the EU, but also to organizations located outside of the EU that offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects located in the European Union, regardless of the company’s location. The GDPR defines personal data to include any information relating to an identified or identifiable natural person.
How does Dataddo help my organization comply with the GDPR?
Dataddo is working across our organization to ensure that our products and services enable our customers to comply with GDPR. This includes:
- Continuing to build upon the security features in our products and the security posture of our enterprise and infrastructure, described in more detail
- Ensuring that contracts with our customers enable them to comply with the GDPR rules relating to appointing processors, and ensuring that our contracts with our own processors are compliant as well
- Continuing to support international data transfers by incorporating Standard Contractual Clauses into our standard Data Processing Agreement with our customers, and closely monitoring the development of the post-Schrems II landscape to ensure we are implementing any further measures the European regulatory authorities may require for international data transfers
- Continuously monitoring the guidance around GDPR compliance in general, and adjusting our plans accordingly
How does Dataddo help me comply with the GDPR?
Dataddo, a data integration platform, is security-hardened by default. Network encryption, storage volume encryption, and access control are configured by default. All security-specific updates to the operating system and database of the underlying instances are automatically applied by Dataddo engineers. Dataddo enforces the use of TLS when connecting to external services. SSH tunneling can be used when connecting to your internal infrastructure.
Dataddo also pursues external testing and certifications regarding security. Visit the SOC 2 overview for more information.
Dataddo infrastructure runs on top of Amazon Web Services, Microsoft Azure, and Google Cloud Platform. Each cloud provider undergoes its own series of independent third-party audits on a regular basis.
- Learn more about cloud compliance on AWS
- Learn more about cloud compliance on Microsoft Azure
- Learn more about cloud compliance on Google Cloud Platform
Does Dataddo offer a Data Processing Addendum (DPA)?
The terms of service applicable to Dataddo incorporate our Data Processing Agreement, which satisfies the requirements the GDPR imposes on data controllers with respect to data processors.
If you have questions about how these terms apply, please contact us at email@example.com
How does Dataddo facilitate transfer of personal data outside of the EEA, Switzerland and the United Kingdom?
GDPR requires controllers and processors to implement appropriate safeguards before transferring personal data out of the EEA, Switzerland and the United Kingdom. When transferring personal data that our customers upload to our platform to countries that are not the subject of an adequacy decision by the European Commission (EC) or the United Kingdom, including the United States, Dataddo uses Standard Contractual Clauses as the transfer mechanism under Article 46 of GDPR.
In June 2021, the EC approved new SCCs. These new SCCs align with GDPR and also address issues raised by the European Court of Justice in its Schrems II decision. Dataddo has incorporated the new SCCs into our standard Data Processing Agreement, which itself is incorporated into our standard legal agreement governing our customers’ use of the Dataddo platform. For transfers of customer personal data from the United Kingdom, the prior version of the SCCs will remain in place for the time being.
Dataddo assists our customers in complying with their obligations under Clause 14 of the new SCCs by contributing to our customers’ Transfer Impact Assessments (TIA) and by conducting our own TIAs when appropriate. We also enable our customers to implement technical supplementary measures, including data encryption options whereby our customers control the encryption keys, and Dataddo has implemented a number of its own contractual and organizational supplementary measures for the benefit of our customers. For more information about these measures, please see our Data Processing Agreement and our Technical & Organizational Security Measures.
Whom should I contact if I have questions regarding the GDPR and Dataddo?
Please contact us at firstname.lastname@example.org with any questions about the matters addressed above.
This page is for informational purposes only, and Dataddo does not intend the information or recommendations presented here to constitute legal advice. Each customer is responsible for independently evaluating its own particular use of Dataddo's services as appropriate to support its legal and compliance obligations.