European Union’s General Data Protection Regulation (GDPR)
The European Union’s General Data Protection Regulation (GDPR) is an EU regulation that expands the protection of personal data of EU citizens and residents. It places obligations on organizations who collect or process their data.
Enforcement of the GDPR starts on May 25, 2018. All organizations need to be aware of their obligations and ensure that they are compliant by this date.
Norada will comply with GDPR when it goes into effect on May 25, 2018. This includes taking the following actions to protect our customers’ data:
- Process data in compliance with GDPR
- Utilize technical and procedural safeguards to protect customer data
- Maintain a security incident response program
- Provide privacy and information training to every employee interacting with customer data
- Disclose a list of all third-party providers we work with who may access customer data
- Require third-party providers to comply with data protection laws
- Sign a Data Processing Addendum (DPA) as applicable
To comply fully with GDPR regulation, organizations uploading or transmitting data related to citizens and residents of the EU are required to sign a DPA with Norada. DPAs can be requested by customers on any currently offered subscription plan (Select, Standard, or Universal).
If you have general questions regarding GDPR and how it affects your organization or unsure if you need a DPA please consult a lawyer; we cannot provide legal advice.