Spanning and GDPR Compliance

The EU General Data Protection Regulation (GDPR) will become enforceable on May 25, 2018. The GDPR replaces the Data Protection Directive 95/46/EC and will standardize data privacy and protection laws across Europe. It will also reach beyond Europe, as it applies to any entity that processes personal data tied to offering goods or services to, or monitoring behavior of, European data subjects.

At Spanning, preparations have been underway to ensure that our products comply with the GDPR. As of February 2018, all Spanning products and services are compliant with the GDPR.

Prepare for the GDPR

What This Means for Our Customers:

Spanning prioritizes the privacy and security of the data we protect with our SaaS backup solutions for G Suite, Office 365, and Salesforce. When Spanning acts as a data processor, businesses are responsible for ensuring data they share with us complies with the GDPR.

As part of our GDPR compliance efforts, we will continue to refine, improve and document our security measures, including but not limited to physical security, processes, and procedures to protect against unauthorized access, use, or disclosure of the content we protect.   

Spanning is committed to making our products and services better every day, so our partners and customers can continue to use our services, with confidence, in a manner that supports their own compliance efforts.

When Spanning provides services to our EU partners as a data processor on their behalf, we’ll ensure that we comply with the specific requirements for data processors. This means that we’ll refresh any necessary contractual obligations to align with the GDPR.

When we appoint third parties to act as data processors on our behalf, we’ll also ensure that we have appropriate terms in place to comply with the GDPR and safeguard our data. And when we act as a data processor on an advertiser’s behalf, we will be relying on our advertisers’ legal basis as data controller.

Learn More:

Regulatory guidance on the GDPR from European data authorities is still evolving, and we are closely monitoring how the GDPR’s personal privacy rights will be interpreted in the context of the data protection services we provide. As GDPR requirements evolve and are implemented in Europe, we will continue to provide the latest guidance in our policies, terms and processes to meet those requirements.

In the coming months, we will continue to share updates. Visit the GDPR website for more information or check out our latest thinking on GDPR on our blog.