The EU General Data Protection Regulation (GDPR) is probably the most significant piece of European Union privacy legislation ever laid down in law. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.
Scalable Software Limited complies with applicable GDPR regulations for its SaaS products as a Data Processor.
Scalable Software works with its customers and partners who use its SaaS products to support them in their role as Data Controllers.
Awareness
All employees of Scalable Software are aware of GDPR and Scalable’s program to remain compliant as a Data Processor.
Information Held
All relevant data held by Scalable’s SaaS products have been reviewed as being necessary to support the functionality of Scalable’s SaaS products.
Third Party Processors
Scalable Software’s SaaS products are implemented on Amazon Web Services. The European Union (EU) data protection authorities, known as the Article 29 Working Party, have approved the AWS Data Processing Agreement (DPA), assuring customers that it meets the high standards of EU data protection laws.
No other third parties are presently involved in Scalable Software’s service in handling data regulated by GDPR.
Privacy Policy
Scalable Software’s privacy policy has been updated to reflect the requirements of GDPR and is available here.
Data Protection Officer
Scalable Software has appointed a Data Protection Officer, who can be contacted at dpo@scalable.com.
Assistance to the Data Controller
As a Data Processor, Scalable Software is required to assist Data Controllers to fulfil their responsibilities.
Data Controllers can use the administrative capabilities of Scalable Software’s SaaS products to access, rectify, restrict the processing of, or delete any data that they and their users put into Scalable Software’s products. This functionality will help them fulfil their obligations to respond to requests from data subjects to exercise their rights under the GDPR.
Further, Scalable Software has defined procedures to assist, manually or otherwise, with any request from a Data Controller to fulfil their responsibilities.
Data Breaches
Scalable Software has had robust procedures in place for several years for handling any event in this category. After review, these meet and exceed the requirements of GDPR.
Data Protection
Scalable Software is committed to information security best practices. In line with GDPR, Scalable Software assesses the measures required in its products based on factors like data sensitivity, impact, risk and available technology.
Security is a core requirement of, and a guiding mantra in, the design of any component of Scalable Software’s products, including encryption of data whilst in flight and at rest, continuous vulnerability and penetration testing of systems, and “firewalled” DevOps procedures to ensure security.
Data Location
Customers of Scalable Software can elect to have their data stored within the EU or other global locations. Scalable Software assures that the customer’s data will remain in the region selected.
If you have further questions, you may contact Scalable at privacy@scalable.com.