In May 2018, the EU General Data Protection Regulation (GDPR) replaced the existing 1995 EU Data Protection Directive (European Directive 95/46/EC).
Vervantis is a US Corporation but recognizes that as a provider of services across the globe, compliance with GDPR is required. Vervantis currently complies with any applicable data protection regulations and is committed to GDPR compliance across its relevant services. Vervantis has a dedicated internal team made up of cross-functional stakeholders overseeing Vervantis’ GDPR ongoing compliance efforts, which include:
Vervantis has reviewed where and how our relevant services collect, use, store and dispose of personal data and has updated policies, standards, governance and documentation where needed. Vervantis is dedicated to keeping such due diligence current and carrying out re-assessments periodically and/or as required by changed circumstances.
Vervantis has reviewed its existing contracts to ensure GDPR compliance and will continue to conduct due diligence.
CROSS-BORDER DATA TRANSFER
Vervantis’ contractual commitments meet the requirements to legally transfer data from the EU to the rest of the world under applicable law.
EMPLOYEE TRAINING AND AWARENESS
All Vervantis employees complete data privacy and security training. Vervantis has supplemented existing training modules with GDPR-specific content. In addition to these training requirements, Vervantis conducts ongoing awareness initiatives on a variety of topics, including data protection, security and privacy.
Vervantis Partners and Customers
Compliance with the GDPR requires a partnership between Vervantis and our partners and customers in their use of applicable Vervantis services. In this context, Vervantis generally will act as a data processor and our partners and customers generally will act as data controllers. Working together, we hope to explore opportunities within our relevant service offerings to assist our partners and customers meet their GDPR obligations. In the meantime, Vervantis encourages partners and customers to independently familiarize themselves with the GDPR.