In May 2016, the European Union adopted a new regulation on data protection, the “General Data Protection Regulation”, or GDPR. GDPR introduces a comprehensive data protection regime and increases the compliance requirements for organizations that use personal data of EU data subjects, whether the organization acts as a controller or processor of data.
KTern takes data protection, data security, and regulatory compliance very seriously. In terms of the GDPR, the data subject is the sole owner of any personal data that is stored with KTern through our services. KTern acts as a processor of this data. You can utilize the capabilities built-in KTern’s business offering to meet your own GDPR obligations related to the rights of data subjects, such as deletion and rectification of data, data access and transfer, and data subjects’ objection to the automated processing of personal data.
At KTern, we believe that our time-tested policies and practices provide a solid foundation for addressing customer concerns and enabling greater trust in services based on cloud computing. We have worked to make our cloud-based offerings not only reliable, manageable, and scalable but also to ensure our customers’ data is protected and used by KTern in a transparent manner.
Taken together, our data protection principles, data processing agreements, and our company data protection and privacy policies govern the collection and use of all customer information processed by KTern. These give our employees a clear, company-wide framework for all data operations.
When KTern envisions a new product or service, privacy and data protection are considered at each phase of development. This is part of our approach to GDPR-based privacy by design and by default, which describes not only how we build products, but also how we operate our services and structure our internal governance practices.
For our enterprise services, we believe that customers should be given the maximum abilities and tools for controlling their own information, whether it is stored on their premises or in our cloud-based service. Many of KTern’s services enable a download of copies of data subjects’ data, without requiring assistance from us or our partners. Wherever the service does not enable this functionality, we are committed to delivering data portability to the customer upon demand, in a reasonable amount of time.
Finally, when a customer terminates its agreement to KTern’s services, we retain any personal data in a limited and restricted manner (as our customer contracts detail) to extract its data. Thereafter, all data is deleted.
GDPR introduces a general data breach-reporting obligation to the European regulator. In any instance that a data breach will occur, it would be subject to this reporting process
In order to identify data breaches, KTern applies processes and methods to protect and monitor all personal data maintained by us. We understand that the security risks and challenges are evolving, therefore we will constantly monitor emerging security risk and re-assess our organizational preparedness.
Making employees aware of what is expected of them shows the value KTern places on the protection of personal data. We conduct ongoing education and awareness training for all employees accessing personal data in order to increase awareness and properly handle such data in a manner that respects data subject rights.