GDPR
The General Data Protection Regulation
The European Union General Data Protection Regulation (GDPR) went into effect on May 25, 2018. It largely unified data protection rules across the EU and created new obligations on the protection and handling of personal data, including security requirements and stronger rights for individuals with regard to their personal data.
Security is IPInstrument’s business. We are committed to complying with the GDPR and supporting our partners and customers in their efforts to comply with the GDPR. GDPR Article 32 requires companies to take into account the “state of the art” when planning their security.
IPInstrument is known as a leading security innovator, with exceptional security solutions, and IPInstrument’s industry leading security solutions define the state of the art.
For example, many IPInstrument services use automated technology to recognize and defend against cybersecurity threats, such as by blocking or quarantining suspected malicious data. As the industry leader in layered defense, our Security Fabric provides a multifaceted approach to modern-day security.
To better protect our end-customers and assist them with their own security compliance, some IPInstrument solutions leverage external threat information gathered in some situations from certain of our end-customers, in order to improve security for a broader set of our end-customers. For example, if certain IPInstrument services determine that a hacker is attacking some of our customers, we may use information about that threat in order to help protect other customers from similar attacks. This provides our customers with better protection than would be possible if IPInstrument could not learn from experience.
Our own GDPR compliance approach includes the following:
- Data Security: We have put in place physical, electronic, and managerial procedures and controls to safeguard data and help prevent unauthorized access, to maintain data security, and to use correctly the data we collect. Our data protection efforts utilize our own industry-leading products and services.
- Data Awareness: We maintain records of our data processing activities, which form the foundation for our data protection compliance.
- Data Subject Rights: We have established data subject rights procedures designed to ensure that we provide reasonable and appropriate support for our customers’ responses to individual’s requests to exercise their rights under the GDPR.
- Controller and Processor Obligations: For certain IPInstrument services, IPInstrument acts as a “processor” of our customers’ personal data. In other instances, IPInstrument acts as a “controller.” For additional information regarding how IPInstrument handles customers personal data, please see our privacy policy at www.ipinstrument.com/privacy-policy.
- Transparency: Our updated Privacy Policy, which will go into effect on May 25, helps ensure compliance with GDPR notice requirements and helps enhance our transparency to our customers and their users.
- Vendor Management: We understand the importance of scrutinizing vendors who help us serve our partners and customers. We assess vendors before we engage them, and we ensure certain vendors agree to certain GDPR-related contractual terms before they can process our partners’ and customers’ information.
- Channel Partner Data: The data that we collect from our channel partners are used for legitimate business purposes only.
- Data Transfers: We comply with legal requirements for cross-border data protection, including through the use of European Commission-approved Standard Contractual Clauses.
If you have any questions regarding our GDPR efforts, please reach out to us at privacy@IPInstrument.com.