P-A Postat Maj 24, 2018 Share Postat Maj 24, 2018 Does InVision comply with the General Data Protection Regulation for EU customers? InVision is committed to compliance with the General Data Protection Regulation (GDPR), a new EU data privacy regulation that will go into effect May 25, 2018. The regulation is designed to give EU citizens more control over their data and to unify a number of existing privacy and security laws under one comprehensive law. We understand that compliance with a new set of privacy laws can be challenging, and we are here to help with your GDPR compliance initiative by providing you with state of the art GDPR compliant services. Our legal and security experts have closely analyzed the requirements of the GDPR and continue to monitor new guidance on best practices for implementing the requirements of the GDPR. We are updating our products, contracts, and policies to ensure that we are in compliance with the GDPR before May 25, 2018. We are also dedicated to helping our customers succeed in complying with the GDPR. WHAT INVISION IS DOING InVision is currently implementing its company-wide GDPR compliance strategy ahead of the May 2018 due date. Below are a few examples of initiatives InVision has committed to in order to satisfy GDPR requirements that apply to both InVision and our customers: We are ensuring our products and services are designed in accordance with ISO27001, ISO27002 and ISO27018 standards. These standards mirror many of the security and privacy requirements of GDPR and will help give our customers a transparent framework to measure our development and data management practices. Assurance that InVision maintains and follows these standards are affirmed through our annual SOC 2 audit. When processing personal data regulated under GDPR, we commit to follow any additional security and privacy measures required under GDPR. Where we are transferring personal data outside of the EU, we are committing to appropriate data transfer mechanisms as required by GDPR. We are ensuring that applicable users have the ability to access and update their personal data (in fact, we try to make this easy by including access to most data in our service). We are notifying regulators, customers, and users of breaches, promptly as required by the GDPR. We are holding vendors that handle personal data to required data management, security, and privacy practices and standards. We are carrying out data impact assessments and consulting with EU regulators where appropriate. We are ensuring that InVision staff that process InVision customer personal data have been trained in handling that data and are bound to maintain the confidentiality and security of that data. Citera Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.