It is widely recognized among privacy professionals that the European Union’s General Data Protection Regulation (GDPR) is the most significant privacy legislation in many years, perhaps decades. GDPR awareness is now spreading beyond privacy conferences to the board room because of the regulation’s broad scope, contractual and operational impacts, and the significant risk management challenge it presents to companies needing to establish compliant practices by May 25, 2018, when the GDPR takes effect.
For companies engaged in international commerce, including, but not limited to, those operating in the EU, the GDPR likely will set the standard not only for the treatment of personal data from the EU but other personal data processed with it. Why? Because a data controller will find it is easier and less risky to require each processor and its permitted subcontractors to abide by the more stringent GDPR framework for all the data being processed and will implement its processing oversight accordingly.
Here at Janrain, we have been making changes to be in compliance with the GDPR and are excited about the opportunity it presents for us to showcase our leadership in securing and properly treating the personal data which our clients entrust to us. We are also looking forward to the opportunity to help our clients meet the GDPR challenge by offering them GDPR compliance-enabling tools and sharing best practices as we move forward.
Janrain has implemented “appropriate technical and organizational measures” to protect data subjects’ rights as required under GDPR Article 32. For example, we have already established the following appropriate security measures suggested under Article 32:
We feel strongly that partnering with Amazon Web Services (AWS) for all our underlying hosting services provides us and our clients with the most secure and reliable data facilities available anywhere. In fact, in its August 2016 Magic Quadrant review of Worldwide Cloud Infrastructure as a Service, Gartner recognized AWS as the service leader.
We have also implemented the following systems and programs to help us and our clients (using us as their data processors) meet the GDPR challenge:
Just as important, Janrain already offers GDPR-compliant service features to its clients, including:
We look forward to collaborating with our enterprise clients on developing more GDPR compliance-enabling service features and best practices. While further work remains to be done prior to May 2018, Janrain is well positioned to meet, and to help its clients meet, the GDPR challenge. To learn more about how Janrain approaches data security and privacy, please visit our Trust page.