Entytle – GDPR Readiness
After years of comments and drafts, the European Union’s General Data Protection Regulation (“GDPR”), the most comprehensive privacy regulation of the last twenty years, will take effect on May 25, 2018. At Entytle, we welcome the transparency and will continue to ensure our customers’ data is secure, including compliance with the GDPR. We know the requirements of the GDPR are complex, and that our customers need to know if we will be ready. We have already made significant progress and are committed to being fully compliant with GDPR.
Leading in Privacy and Security
With our SOC 2 compliance, we have demonstrated our firm commitment to complying with security, confidentiality and privacy regulations. Over the last year, our team of privacy and security experts has been busy evaluating our product, reviewing our vendors, and auditing our privacy and security programs to see what changes needed to be made.
On the security front, before even setting out on an audit of our systems, we knew customer data would be encrypted both in transit (using TLS) and at rest (using AES 256.) Our systems were designed to automate scans that regularly check for security vulnerabilities and make us aware of issues that would require additional review by a member of our security team. As a result, Entytle has a firm security foundation to continue to improve upon.
In addition to augmenting our security program, here’s what we’ll be doing to support all of our customers in their GDPR compliance efforts.
Data deletion and export features
The GDPR empowers “data subjects,” the individuals from whom the data has been collected, to control who has their data. Today, we already provide rich data export functionality and the ability to delete customer data. Requests for data deletion and export can be made through your designated Entytle Customer Success Manager, or via firstname.lastname@example.org.
Comprehensive review of vendors
We know we have an important responsibility when it comes to scrutinizing the vendors we use to help us provide our services to our customers. Part of our readiness plan is making sure our contracts adequately address the security, privacy, and confidentiality of our customers’ data under GDPR; you can be confident that our vendors have undergone a thorough privacy and security review by Entytle’s legal and security teams. We’ve also ensured your data is stored with an industry leader with a robust security program and appropriate security certifications.
Updated Data Protection Terms
In addition, we have identified the following areas where we’ll also make improvements:
- Privacy and security awareness program: We have a comprehensive, company-wide privacy and security awareness program. Every Entytle employee, regardless of whether they access customer data, will receive important and up-to-date training on data privacy and security.
- New subscribe features: To ensure that our marketing practices follow the GDPR rules, we’re enhancing our subscribe/control feature in our newsletters, blogs, and emails. We want our customers to receive the information they want, when they want. Now you can make sure you’re getting the latest product and company updates from us, and not getting information you don’t want.
The privacy landscape is changing fast and we take very seriously the immense responsibility of caring for our customers’ data.
If you would like more information or have follow-up questions please reach out to us at email@example.com.