In April 2016, the European Commission approved and adopted the new General Data Protection Regulation (GDPR). The GDPR is the biggest change in data protection laws in Europe since the 1995 introduction of the European Union (EU) Data Protection Directive. The GDPR aims to strengthen the security and protection of personal data in the EU and will replace the Directive and all local laws relating to it.
With our growing base of European clients, we welcome the arrival of the GDPR. The new requirements raise the bar for data privacy, security, and compliance, and help to make people’s data more secure. We are happy to inform our users and customers that all Ava services will comply with the GDPR when it becomes enforceable on May 25, 2018. The following are several steps we are taking to support all of our customers in their GDPR compliance efforts ahead of the deadline in May.
Appointing a security officer for Ava in Europe.
Today, Ava's security officer is located in the US. To address the increased Territorial Scope requirement set forth by the GDPR, we will be appointing a Europe-based security officer to join the security team.
Enhanced data deletion feature.
The GDPR empowers “data subjects,” the individuals from whom the data has been collected, to control who has their data. Today, Ava already provides the option to delete customer data. However, to further build on these features for GDPR, we will be automating our data deletion, ensuring we are only processing data for identified, appropriate data subjects.
Comprehensive review of vendors.
We know we have an important responsibility when it comes to doing due diligence on the vendors we use to help us provide our services to our customers. Part of our readiness plan is making sure our contracts adequately address the security, privacy, and confidentiality of our customers’ data under GDPR; you can be confident that our vendors have undergone a thorough privacy and security review by Ava's legal and security teams. We’ve also ensured your data is stored with an industry leader with a robust security program and appropriate security certifications.
Updating our terms of service to be more accessible.
It's extremely important for us to allow any customer to fully understand what our terms are and what they are giving consent for. In our efforts to follow the requirements set out by the GDPR, we are committed to making the request for consent extremely intelligible and easily accessible through clear, plain, and concise language. Furthermore, it will be made very clear what the purpose of data collection is. Finally, we will make it very easy for any user to withdraw their consent.
What we are already doing today.
Beyond addressing the new requirements set out by the GDPR, at Ava we are determined to continuously raise the bar in protecting our users from any data breaches or outside threats. To find out about existing commitments we have made, and the actions we have taken towards ensuring this security, check out our most recent security white paper here.
If you would like more information or have follow-up questions, please reach out to us at firstname.lastname@example.org