The EU General Data Protection Regulation (GDPR) is probably the most significant piece of European Union privacy legislation ever laid down in law. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.
Scalable Software Limited will comply with applicable GDPR regulations for its SaaS products as a Data Processor, when they come into force on 25th May 2018.
Scalable Software will work with its customers and partners who use its SaaS products to support them in their role as Data Controllers.
Where are we now?
Scalable Software has been reviewing its responsibilities and has an internal cross-function team working with appropriate external expertise to ensure compliance now, and will continue this initiative into the future.
All employees of Scalable Software are aware of GDPR and Scalable’s program to remain compliant as a Data Processor.
All relevant data held by Scalable’s SaaS products has been reviewed and found to be necessary to support the functionality of those products.
Third Party Processors
Scalable Software’s SaaS products are implemented on Amazon Web Services. The European Union (EU) data protection authorities, known as the Article 29 Working Party, have approved the AWS Data Processing Agreement (DPA), assuring customers that it meets the high standards of EU data protection laws.
No other third parties are presently involved in Scalable Software’s service in handling data regulated by GDPR.
Data Protection Officer
Scalable Software has appointed a Data Protection Officer, who can be contacted at firstname.lastname@example.org.
Assistance to the Data Controller
As a Data Processor, Scalable Software is required to assist Data Controllers to fulfil their responsibilities.
Data Controllers can use the administrative capabilities of Scalable Software’s SaaS products to access, rectify, restrict the processing of, or delete any data that they and their users put into Scalable Software’s products. This functionality will help them fulfil their obligations to respond to requests from data subjects to exercise their rights under the GDPR.
Further, Scalable Software has defined procedures to assist, manually or otherwise, with any request from a Data Controller to fulfil their responsibilities.
Scalable Software has had robust procedures in place for several years for handling any event in this category. After review, these meet and exceed the requirements of GDPR.
Scalable Software is committed to information security best practices. In line with GDPR, Scalable Software assesses the measures required in its products based on factors like data sensitivity, impact, risk and available technology.
Security is a core requirement of, and a guiding mantra in, the design of any component of Scalable Software’s products, including encryption of data whilst in-flight and at rest, continuous vulnerability and penetration testing of systems, and “firewalled” DevOps procedures to ensure security.
Customers of Scalable Software can elect to have their data stored within the EU or other global locations. Scalable Software assures that the customer’s data will remain in the region selected.