Cataneo is committed to compliance with the General Data Protection Regulation (GDPR), which went into effect May 25, 2018. The regulation contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.
The regulation focuses on EU citizen data and is not limited by the location of the company that is processing or controlling this data. This means that a company can be located anywhere – within the EU or not – and still be impacted by the regulation if it is processing the data of an EU citizen.
The GDPR gives EU citizens the right:
- to know when their data is collected
- to know how their data is used
- to request data deletion
- to access their information or to copy it
Our customers can trust that Cataneo has made GDPR a priority and has devoted significant and strategic resources toward our efforts to comply with GDPR. Our approach and progress to date are outlined below.
What Cataneo is doing
Like many other global software companies, Cataneo began the process of rolling out its company-wide GDPR compliance strategy in the lead-up to May 2018 and we continue to do so. Cataneo appreciates that our customers have requirements under GDPR that could be directly impacted by their use of Cataneo products and services, and Cataneo is committed to helping our customers fulfill their requirements under GDPR and local law.
Below are some of the initiatives Cataneo has committed to in order to satisfy GDPR requirements that apply to both Cataneo and our customers:
- While not required to under Article 37 of GDPR, Cataneo has made the decision to proactively appoint a Data Protection Officer.
- Committing to follow any additional security and privacy measures required under GDPR.
- Where we are transferring data outside of the EU, committing to appropriate data transfer mechanisms as required by GDPR.
- Assisting with respect to security and privacy of processing, notifying regulators of breaches, and promptly communicating any breaches to customers and users.
- Assisting with data processing security and privacy requirements, notifying regulators in the unlikely event that we have a personal data breach and promptly communicating any such breaches to our customers and end-users.
- Ensuring Cataneo staff who access and process Cataneo customer personal data have been trained in handling that data and are bound to maintain the confidentiality and security of that data.
- Holding any vendors that handle personal data to the same data management, security, and privacy practices and standards to which we hold ourselves.
- Committing to carrying out data impact assessments and consulting with EU regulators where appropriate.