Is Front compliant with GDPR?
Front is committed to achieving compliance with the General Data Protection Regulation (GDPR) by May 25th, 2018. We're working on implementing our readiness program across our organization and will keep this article updated with our current status.
Policy Updates & Certifications
- Terms of Service: We’ll share our updated Terms of Service, which includes a new Data Processing Addendum with the Model Clauses required by the GDPR.
- Privacy Shield: We’ve also completed the E.U.-U.S. and Swiss-U.S. Privacy Shield certifications to ensure adequate safeguards are in place for international data transfers.
- Data Usage: We’ve completed a comprehensive data audit to ensure we only collect data critical to business needs and will review our retained data regularly. We’ve also streamlined how we use personal data throughout our infrastructure to limit usage of data to only the necessary applications that allow us to operate our service.
- Data Collection: We’ll only collect website visitor data when a visitor to a Front website has given their explicit consent and opt-in.
- Data Access, Portability, and Deletion: We’ll have a process that will allow customers to request that their data be corrected, exported, or deleted.
- Data Classification, Privacy Impact Assessment, & Security Risk Assessment: We’ve completed a comprehensive audit of our data and assets following the ISO-27001 standard. We’ve also completed our annual security risk assessment to identify and mitigate any risks related to data breaches or other vulnerabilities.
- Security & Incident Response Training: All Front employees attend training on our responsibilities regarding security, availability, processing integrity, and confidentiality. Additionally, the Front team is trained on appropriate incident response procedures in the case of a data breach.
If you have any questions, please don't hesitate to contact us.