Countdown to GDPR #9: How is Spanning Preparing for GDPR?
In the last three blogs of our GDPR series, we examine the impact of the GDPR on your organization, Spanning and SaaS providers in general. In this blog we take a look at our journey to GDPR compliance and provide you with key takeaways to assist you in your path forward.
Our Journey to GDPR Compliance
As of February 2018, all Spanning products and services are compliant with the GDPR. The privacy and security of the data we protect with our SaaS backup solutions for G Suite, Office 365, and Salesforce are of paramount importance to us.
Some insights from our journey to compliance:
- Mapped data workflows: We charted our incoming and outgoing data flows, and granularly accounted for specific data types.
- Coordinated with vendors: We worked with our platform partners (Google, Salesforce, and Microsoft) to ensure coordinated compliance. When we work with third parties to process data on our behalf, we ensure that we have appropriate terms in place to comply with the GDPR and safeguard our data.
- Learned about our customers’ compliance requirements: Using surveys and focus groups, we learned the compliance needs of our subscriber customers. Where required, we refreshed any necessary contractual obligations to align with the GDPR.
- Understood the extent of our data protection responsibilities: We compartmentalize data based on whether we are processing it, transferring it, or would be considered a controller of it. Based on that, we can segregate the GDPR requirements and the extent of our responsibilities.
- Fine-tuned our internal processes and policies: We developed an internal process and solution to meet our customers’ needs while complying with the intent of the regulation.
- Staying on our toes: Regulatory guidance on the GDPR from European data authorities is still evolving, and we are closely monitoring how the GDPR’s personal privacy rights will be interpreted in the context of the data protection services we provide.
The journey to GDPR compliance is, in many ways, an ongoing one. Keeping abreast of its interpretations in the next few months will be central to staying compliant.
Join me on May 22 at 10 am CT for “The Future of GDPR: Compliance beyond Deadline Day” Keynote Panel by BrightTALK.
The interactive Q&A panel discussion will cover:
- The intersection of GDPR, privacy and cybersecurity
- How GDPR affects data governance, breach disclosures and overall data protection
- Recommendations for improving your organization’s cyber resilience
Register for this free webinar here.