Interfolio and the General Data Protection Regulation (GDPR) in the European Union
What is GDPR?
The GDPR (General Data Protection Regulation) is a significant piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation became effective and enforceable on the 25th May 2018.
If you have any specific questions about how GDPR or Interfolio’s practices affect your institution, feel free to contact us today.
What does it mean for you?
- The GDPR has different requirements depending on how your business interacts with personally identifiable user data.
- Data controllers are companies that supply goods or services to EU residents, or that track or monitor EU residents and decide why and how data is collected and processed. As one of our customers, you are likely a data controller under the GDPR. One of your requirements as a data controller is to only work with compliant data processors.
- Data processors are vendors or businesses that process data on behalf of data controllers. As a customer data platform, Interfolio is considered a data processor. We will be ready for the GDPR both as a data controller and when acting as a data processor on your behalf.
What is Interfolio doing to help you comply?
Here are some things we were already doing:
- Interfolio’s “belt and suspenders” security approach. (Want to understand Interfolio’s technical security standards in more detail? See our security overview here.)
- We encrypt data in transit and at rest.
- We promise to send prompt breach notifications. In line with our current policies, Interfolio will inform you of any incidents involving your users’ personal data right away.
- We are members of Privacy Shield, a mechanism to help us comply with EU and Swiss data protection requirements when transferring personal data from the European Union.
Here are some new things we are doing specifically for GDPR readiness:
- A Data Processing Agreement (DPA) that contains the EU Model Clauses, which are industry standard for data safety. This means that Interfolio agrees to protect any data originating from the EEA in line with European data protection standards.
- Enhanced services & to help you be compliant when users request you delete or suppress their data.