Insider and the GDPR

 

At Insider, we take privacy seriously. With the European Union’s General Data Protection Regulation (GDPR) taking effect on May 25, 2018, we’re enhancing our platform and data processing to be ready for it. Here’s an overview of what we’re doing.

What is GDPR?

The General Data Protection Regulation is a codification of privacy and data protection regulations whose aim is to provide more consistent guidance on privacy, data protection and respect for the personal data of European Union citizens. In sum, it’ll replace the previous EU privacy directive, which is outdated, while also introducing some interesting changes to the current privacy and data protection regime. GDPR applies to any company handling personal data of EU subjects, even if the company is headquartered outside the EU.

Our commitment

Insider has a Security, Privacy and Compliance committee with data protection specialists, legal consultants and security experts preparing our company and our products for GDPR. The team also includes executive members, such as our co-founders, who are fully committed to improving transparency and trust to obtain acceptance and agreement from our entire company. The committee has already kicked off our GDPR compliance journey and is currently taking all the necessary measures to make the entire process run smoothly.

Security matters

Insider’s technologies and services are backed by robust organizational security measures specifically designed to protect your data against security breaches. Yet we are continually working to enhance our security regime to protect our service and keep building on our customers’ and partners’ trust. We believe that our ongoing improvements and measures are putting us in the best position to provide appropriate security measures to protect our clients’ and partners’ data and earn their trust.

Contractual protections

For customers who process personal data from the EU, we also offer EU Model Contract Clauses for your business’s personal data, making it easier to ensure you are using EU-compliant contractual protections. We plan to enhance our forms to help with GDPR compatibility.

Training

As part of our GDPR compliance journey, all of our employees will receive the appropriate privacy training to complement and update their Security Awareness training. This step is also included in the annual Software Security training of our development and engineering teams.

Product review

For security and privacy reasons, Insider systematically reviews its products and technologies, both new and existing, throughout their entire development process. As part of our GDPR compliance journey, we will start implementing periodic Privacy Impact Assessments.

Vendor management

Insider’s outstanding partners and vendors use robust security measures to help us deliver the highest quality service. Vendors such as Cloudflare and AWS offer unparalleled high-quality solutions and they are already committed to GDPR compliance terms. As part of our vendor and partner procurement process, we are currently conducting security and privacy reviews in anticipation of the GDPR.

Incident response

We fully commit to continuing to notify our customers and partners of any data incidents in line with our current terms of service and privacy agreements. We will keep investing in threat detection and avoidance technologies, and our round-the-clock incident management program to help you respond to security or privacy events. We are also currently improving our documented processes and will continue to train our company on adequate incident response procedures.

Final words

We at Insider respect the data concerns of all of our customers and partners, and we have committed to ensuring they can use our tools and technologies safely and in accordance. We would like to invite our customers, partners or anyone contemplating working with Insider to further discuss GDPR and other privacy matters and concerns with us over the next few months until GDPR comes into effect.