May 17, 2018
GDPR & Interfolio: What You Need to Know
Partnering with Interfolio means trusting us with your data, and we take that trust seriously. Interfolio has designed our technical and information architecture for your institution to enjoy all the benefits of cloud hosting while also being fully protected, so you and your users can be confident that our services are always secure, reliable, and scalable from the beginning.
With the upcoming General Data Protection Regulation (GDPR) launch, we want to take a moment to review our security practices with you and highlight some of the new changes we are implementing to ensure our full compliance with data regulations.
GENERAL DATA PROTECTION REGULATION (GDPR)
GDPR is a significant piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The new law applies to any organization processing personal data about individuals who live within the European Union and will go into effect on May 25, 2018.
CURRENT SECURITY PRACTICES AT INTERFOLIO
For years, Interfolio has been earning the trust of all our customers when it comes to data integrity and security—academic institutions as well as individual Dossier account holders. Here are some practices we already have in place:
- We have a “belt and suspenders” security approach, which provides users with a secure, reliable, and scalable solution. For more information, check out our security overview here.
- We encrypt data in transit and at rest.
- We promise to send prompt breach notifications. In line with our current policies, Interfolio will inform you of any incidents involving your users’ personal data right away.
- We are members of Privacy Shield, a mechanism to help us comply with EU and Swiss data protection requirements when transferring personal data from the European Union.
NEW SECURITY PRACTICES AT INTERFOLIO
Here are some new security practices we have implemented specifically for GDPR compliance:
- A Data Processing Agreement (DPA) containing the EU Model Clauses, which are industry standard for data safety. This means that Interfolio agrees to protect any data originating from the EEA in line with European data protection standards.
- Enhanced services to help you be compliant when users request you delete or suppress their data.
For more information on GDPR, visit: https://www.interfolio.com/gdpr/
For more information on our commitment to security, visit: https://www.interfolio.com/security/
Feel free to contact us if you have any specific questions about Interfolio’s technical security measures, or your institution’s particular considerations.