At Kentico, we value the privacy and security of our customers (and their clients) above anything else, so it was our highest priority to comply with the EU’s legislation before it comes into effect on May 25, 2018.
We’ve spent countless hours discussing GDPR compliance with several legal and security domain experts so we all could reach the GDPR-compliant shore in one piece.
Lots of work has been done, and right now is the perfect time to take a look at what has been prepared for you in Kentico Cloud to make your post-GDPR life easier :)
From now on, when creating a new project in Kentico Cloud, you can decide whether your project’s data (including the tracked visitors’ data) is stored in Europe in the Netherlands, or on the East Coast of United States.
The user (meta)data required for the Kentico Cloud service to work properly, however, will always be stored in West Europe’s data center. This is to ensure GDPR compliancy even in cases when Kentico Cloud users work on different projects across multiple data centers.
Assistance to the Data Controller
We bet you are aware of the rights the GDPR grants you and your data subjects (visitors, customers, etc.). For example, the right to access, portability, or to be forgotten needs to be fulfilled within 30 days.
Therefore, we put our heads together to make it as easy for you as possible to deal with such requests by introducing the following out-of-the-box solutions:
Data Flow Mapping
We’ve mapped every type of personal data that Kentico Cloud uses. We listed them for you in our documentation so you can see them anytime.
Fulfilling GDPR Requests of Data Subjects
As already mentioned, everyone can exercise their GDPR right to access, move, or delete their data after May 25, 2018. We always want to give you the edge with Kentico Cloud, and so we have implemented a Personal Data API that you can use for the retrieval and deletion of the personal data of your tracked visitors.
But what about your personal data? Are we ready to fulfill your GDPR rights as well? You bet we are! Simply contact us and we will provide you with all the relevant information.
Data Processing Agreement
If you share personal data with any other controller, the GDPR requires you (as a data controller) to sign a written contract with that controller. Therefore, we will have a Data Processing Agreement available for you (as our customer or partner) that can be signed at any time. Feel free to contact us about it!
Let’s Travel the GDPR Waters Together
We hope that Kentico Cloud’s data protection enhancements will make your life easier in the upcoming GDPR-driven digital world, and you will be able to focus on your creative content even more!