The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR), which will be effective from 25th May 2018. Simply put, EU residents will now have a greater say over what, how, why, where, and when their personal data is used, processed, or disposed of. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organization that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data.
We take the trust placed in us to stringently secure and protect our customers’ data very seriously and welcome the General Data Protection Regulation (GDPR). We believe that every business should be held accountable to the same high standards to which we hold ourselves.
SmartVault, headquartered in the United States, is currently certified against the PCI-DSS framework, and our security practices already comply with the most widely accepted standards and regulations imposed in the United States, including GLBA, FINRA, HIPAA and SEC, which reflects our existing commitment to information security.
Based on the interpretations of key GDPR requirements, SmartVault provides several technical and process controls that create a foundation for your organization to comply.
|GDPR Requires...||SmartVault Responds...|
|The right to be forgotten. Enabling an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.||Your files stored in SmartVault are easily searchable, and based on the user’s permission level in SmartVault, can be deleted.|
|The right of access. Individuals will have the right to obtain access to their personal data, so that they are aware of and can verify the lawfulness of the processing.||SmartVault is designed to allow access to documents via authenticated logins. In other words, documents stored in SmartVault are only accessible if you log in to the service or share the documents with another individual, who must log in to the service. SmartVault employs an Activity Log that you can use to review: who has been granted permissions to access documents; and who has actually accessed documents and what action was performed (upload, download, deletion, or a change to the properties of any document).|
|The right to data portability. Individuals can move, copy or transfer personal data easily and securely from one IT environment to another.||SmartVault does not bear ownership of our customers’ documents. Based on user permissions, entire folders as well as individual documents can be removed from the SmartVault platform.|
We’ll continue to actively monitor regulatory guidance and interpretations of key GDPR requirements to make sure we’re well informed and doing the right things in the right way all the way up to the deadline and beyond.