The General Data Protection Regulation-or GDPR that came into effect on 25 May 2018, is a groundbreaking data protection law. It has set new benchmarks for global privacy rights and compliance.
The GDPR has replaced the older EU directive on data protection with a more standardized law reinforcing individuals' rights, and in line with the European sense of privacy as a fundamental human right.
GDPR regulates how businesses and individuals can gather, store, transfer, use and remove people's personal data.
We at Mitsogo had been on a mission of procedural overhauls, audits, training, and documentation to provide our customers with a GDPR ready platform for managing their mobile devices. Being an endpoint security company, data protection and user privacy is at the heart of everything we do. We do not sell customer data to third parties nor do we serve ads on our websites or products.
We had our production environment, policies, and procedures, comprehensively reviewed by a leading Consulting firm and put in place additional measures based on their risk assessment and gap analysis. In the context of our Mobile Device Management solution, Hexnode MDM, we understand all our obligations as a Data processor. We have a dedicated team to handle all compliance requests and are fully committed to making the GDPR transition as seamless for our customers.
We had conducted extensive audits to precisely document the different aspects of personal and non-personal data collected. Our solutions have an underlying policy framework that lets our customer, acting as the Data controller decide how and what data are collected, stored and deleted on a granular level.
We automatically assign EU data centers to our customers in the European Union. As a Data controller, you can make sure, all personal data of the users you manage through Hexnode MDM cloud stays right in the EU. Our EU data centers are located in Germany, where the privacy legislations are among the most stringent in the world.
GDPR places a higher responsibility on Data controllers when it comes to processing personal data on the grounds of user consent. We have revamped permissions and consent across all our solutions to help our customers, as Data controllers, obtain consent in a clear and distinct manner. Data subjects can withdraw consent just as easy.
We want to help our customers, who as Data controllers, need to have the ability to access, update, retrieve and delete personal data which is why we offer powerful features across our solutions to honor data subjects' requests regarding personal data. You can quickly identify users, edit their information, save and export across all our solutions.
GDPR mandates new notification requirements for breaches that lead to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data. Though we already have a comprehensive breach management and communication plan, we have updated it to align with the GDPR requirements and to help our customers meet their obligations in the unlikely event of a personal data breach.
Our Engineering team always exercise caution and extensively weigh risks when considering feature requests that may potentially infringe user privacy. So, implementing a formal Data Protection Impact Assessment (DPIA) process as part of the GDPR legislation has been an easy decision for us. Now that we have integrated DPIA into our process flow, it will continue to stay for all our future offerings too.
United States Department of Commerce, European Commission and Swiss Administration worked together to develop a framework which complies with data protection requirements when transferring data from the European Union and Switzerland to the United States. Mitsogo complies with EU-US Privacy Shield & SWISS-US Privacy Shield frameworks to assure our customers that collection and usage of their data is in accordance with the internationally accepted privacy standard.