Spanning and GDPR Compliance

The EU General Data Protection Regulation (GDPR) became enforceable on May 25, 2018. The GDPR replaces the Data Protection Directive 95/46/EC and it standardizes data privacy and protection laws across Europe. It also reaches beyond Europe, as it applies to any entity that processes personal data tied to offering goods or services to, or monitoring behavior of, European data subjects.

As of February 2018, all Spanning products and services were compliant with the GDPR.

Prepare for the GDPR

What This Means for Our Customers:

Spanning prioritizes the privacy and security of the data we protect with our SaaS backup solutions for Google Workspace, Office 365, and Salesforce. When Spanning acts as a data processor, businesses are responsible for ensuring data they share with us complies with the GDPR.

As part of our GDPR compliance efforts, we will continue to refine, improve and document our security measures, including but not limited to physical security, processes, and procedures to protect against unauthorized access, use, or disclosure of the content we protect.   

Spanning is committed to making our products and services better every day, so our partners and customers can continue to use our services, with confidence, in a manner that supports their own compliance efforts.

When Spanning provides services to our EU partners as a data processor on their behalf, we’ll ensure that we comply with the specific requirements for data processors. This means that we’ll refresh any necessary contractual obligations to align with the GDPR.

When we appoint third parties to act as data processors on our behalf, we’ll also ensure that we have appropriate terms in place to comply with the GDPR and safeguard our data. And when we act as a data processor on an advertiser’s behalf, we will be relying on our advertisers’ legal basis as data controller.

Video Transcript

Hello, my name is Brian Rutledge. I’m the Principal Security Manager here at Spanning Cloud Apps, and today, we’re going to be talking about the General Data Protection Regulation (better known as the GDPR), what it does, and answering some questions from our customers.

The GDPR is the latest legislation to come out of the European Union that deals directly with data privacy. Any company that processes EU citizen data will have to comply with this regulation. With that, let’s get to some of our questions. First off:

Is Spanning GDPR compliant?
The answer is a resounding yes!  Spanning has been compliant since early 2018.

Does Spanning have a Data Protection Addendum (or DPA) in place?
The answer again is yes.  We have a pre-signed DPA for any customer that requires it, which also includes standard contractual clauses for those that require it.

How does Spanning deal with cross-border transfers of data?
Last year, Spanning was certified with the EU-US and Swiss-US Privacy Shield, and also conforms to articles 44 – 46 of the General Data Protection Regulation. We work with our customers to ensure that their data stays within the European Economic Area and is never transferred out without their expressed permission.

What resources does Spanning have available to its customers?
We have a DPA in place, as stated previously.  We have compliance information in our GDPR blogs.  We also have secure mechanisms for data subject’s requests.

Lastly, if you have any questions about GDPR or compliance, please reach out to me at [email protected] Thanks.

Learn More:

Regulatory guidance on the GDPR from European data authorities is still evolving, and we are closely monitoring how the GDPR’s personal privacy rights will be interpreted in the context of the data protection services we provide. As GDPR requirements evolve and are implemented in Europe, we will continue to provide the latest guidance in our policies, terms and processes to meet those requirements.

In the coming months, we will continue to share updates. Visit the GDPR website for more information or check out our latest thinking on GDPR on our blog.

For GDPR Data Subject Requests, please click here.

For Data Protection Addendum please reach out to [email protected].