How can we ensure compliance with Europe's data privacy law (GDPR - https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679) using Mitto and its Postgres database?
Hi Lisa! Thank you for reaching out. I’m happy to get on a call with your team to discuss in more detail, but for the community, here is some key information:
GDPR applies to anyone who processes personal data of EU citizens or residents, regardless of where you are officially located. The rules are very strict and the fines can be significant.
To comply with the GDPR principles, organizations will need to ensure that all personal data is:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary in relation to the purposes
- Accurate and kept up-to-date
- Kept for no longer than necessary
- Processed in a manner that ensures appropriate security
There are rules and regulations for the Data Controller (the person who decides why and how this data is processed) and Data Processors (a third party that processes personal data on behalf of a data controller).
For Zuar Mitto customers that need to be in compliance with GDPR, we strongly recommend hosting Mitto on-premises in a customer-controlled environment so that you can perform in-depth and routine audits to ensure your compliance as a Controller.
As a Data Processor, Zuar’s policies around data retention, encryption, and information security can be found here: ZUAR Corporate Policies
Zuar hosts Mitto in both AWS and Digital Ocean. Below are both organizations' GDPR policies: