Kentico Kontent & the General Data Protection Regulation
What is GDPR?
GDPR is an acronym for the General Data Protection Regulation, which was created to bring as much uniformity to data protection as possible. The new legislation will replace an existing EU 1995 Directive, which was implemented into national data protection laws. Under that Directive, however, there could still be significant differences between member states. Because the GDPR is a regulation, it is directly applicable. It also means that if someone wants to do business in Ireland, for instance, they can now be sure that a similar legal regime exists in other member states too. This new regulation is better suited to the challenges our current digital world poses.
The GDPR legislation came into effect on May 25, 2018.
For more information about the GDPR, see the Official Journal of the European Union.
Our commitment to the GDPR
Kentico is very committed to achieving full compliance with GDPR. We value the privacy and security of our customers above anything else, and that's why we started dedicating resources in 2017 to make sure we had everything ready before the legislation came into effect. We consulted several legal and security domain experts on all necessary changes to the product and across the company, and we're building tools that will help you to satisfy the extended rights of your customers that come with the new legislation (such as the right to access information or the right to be forgotten).
We also produced large numbers of articles on GDPR readiness in our blog, so don't miss those. We also delivered several features in our other product, Kentico EMS, that should help data controllers with their GDPR compliance. You can be assured we take GDPR compliance very seriously.
If you have any questions regarding Kentico's GDPR compliance, please do not hesitate to contact us at any time.
The personal data we collect
Kentico Kontent stores the data in Microsoft Azure storage. You can choose to store your project data in a data center in Europe (the Netherlands) or the United States (East Coast). By choosing the location of the data center, your project data and tracked visitor data are stored in the selected area. Project data represents all your content created within the Kentico Kontent application. You can find more information about the data centers here.
This does not include the user (meta)data required for the Kentico Kontent service to work, which will always be stored in the data center located in West Europe. The reason behind this is that users in Kentico Kontent can work on different projects across multiple data centers.
Kentico Kontent uses a global Content Delivery Network (CDN) powered by Fastly to deliver content from your website. The CDN has edge nodes all around the world, ensuring fast content delivery no matter the destination.
We believe in security by design. That's why all our developers have to attend security training and we have a dedicated security team that regularly performs security code reviews and website security scans. Moreover, Kentico Kontent data is stored in secure Microsoft Azure data centers and is all encrypted by default.
We also have a vulnerability management program in place whose goal is to inspect for any new vulnerabilities, and any threats found are fixed within a few hours/days by our teams and security experts.
For more information about the security of Kentico Kontent, please visit our Security page.
Assistance to the controller
The new legislation strengthens several rights of data subjects by granting them easier access to the personal data you store about them, or the option to opt out and request the deletion of this data. Kentico Kontent comes with out-of-the-box functionality that helps you satisfy their requests. For more information, please visit our documentation.
Of course, as users, you have the same rights as your visitors or customers. Therefore, if you want to trigger any of the data subject rights for any of your current or former users of Kentico Kontent, please contact us at the following e-mail address: firstname.lastname@example.org.
We will do everything we can in order to prevent any incidents involving your and/or your customers' data.
The use of subprocessors
In order to provide you with the best experience for working with content, we use some services provided by third-party vendors. Every vendor has to pass strict security evaluation criteria and has to be compliant with data protection laws. You can find a list of all the services we use on this page. Moreover, here you can also see a list of all third-party software licenses that we use in our product.