GDPR Compliance
How EVPF helps you maintain compliance with the General Data Protection Regulation
Our GDPR Commitment
At Enterprise Virtual Provisioning Foundation, we are committed to ensuring that our platform and services comply with the General Data Protection Regulation (GDPR), which regulates the collection, use, and protection of personal data in the European Union.
We understand the importance of data privacy and security for our customers, and we have implemented comprehensive measures to support your GDPR compliance journey. This page explains how EVPF addresses GDPR requirements and the tools we provide to help you maintain compliance.
Key GDPR Features & Capabilities
Data Subject Rights Management
Our platform includes tools to help you respond to data subject access requests (DSARs), including the right to access, rectification, erasure, and data portability.
Data Protection by Design
EVPF implements privacy-by-design principles, with built-in security controls and data minimization practices.
Data Processing Records
Maintain comprehensive records of processing activities with our automated documentation tools to demonstrate compliance.
Cross-Border Data Transfers
We safeguard international data transfers with EU-approved standard contractual clauses and regional data storage options.
Data Controller vs. Data Processor
Under the GDPR, EVPF acts as a data processor when processing personal data on behalf of our customers, who are the data controllers.
As a data processor, we process personal data only according to your documented instructions and have implemented appropriate technical and organizational measures to ensure the security of the data.
Our Data Processing Agreement (DPA) clearly outlines the responsibilities of both parties and includes commitments to assist you in meeting your GDPR obligations.
Data Protection Impact Assessments
For processing activities that may result in high risk to individuals' rights and freedoms, the GDPR requires conducting Data Protection Impact Assessments (DPIAs).
EVPF provides detailed documentation about our security and privacy controls to help you complete your DPIAs when using our platform.
Our team can also assist in reviewing the results of your DPIA and implementing additional safeguards if needed.
Security Measures
We implement robust security measures to protect personal data, including encryption, access controls, and regular security testing.
Our platform undergoes regular security assessments and audits by independent third parties.
We provide detailed security documentation to help you demonstrate compliance with the GDPR's security requirements.
Breach Notification
In the event of a personal data breach, we have established procedures to detect, report, and investigate the breach.
We will notify you without undue delay after becoming aware of a breach affecting personal data we process on your behalf.
Our notification will include all information required under the GDPR to help you fulfill your obligation to report to supervisory authorities and affected individuals.
Sub-processors
We maintain a list of sub-processors that we use to provide our services, and we ensure they provide at least the same level of data protection as we do.
We will inform you of any intended changes concerning the addition or replacement of sub-processors, giving you the opportunity to object to such changes.
All our sub-processors are bound by contractual terms that require them to protect data in accordance with GDPR requirements.
Data Retention & Deletion
We retain personal data only for as long as necessary to provide the services you have requested.
Our platform includes data retention controls that allow you to set custom retention periods based on your policies.
Upon termination of services, we securely delete all personal data or return it to you, according to your preference.
Frequently Asked Questions
How does EVPF help with GDPR compliance?
EVPF provides a range of features and tools to help you meet GDPR requirements, including data subject rights management, secure processing controls, data mapping capabilities, and comprehensive documentation for demonstrating compliance.
Is EVPF GDPR certified?
While there is no official 'GDPR certification' currently recognized by EU authorities, EVPF has undergone independent assessments to verify our GDPR compliance. We maintain ISO 27001 certification and SOC 2 Type II attestation, which cover many of the security controls required by GDPR.
Where does EVPF store and process data?
EVPF offers regional data storage options, including data centers in the EU, to help you meet data localization requirements. We provide transparency about where your data is stored and processed, and implement appropriate safeguards for any cross-border data transfers.
What happens if there is a data breach?
In the event of a personal data breach, EVPF will notify you without undue delay, providing all the information you need to meet your notification obligations under GDPR. We maintain comprehensive breach response procedures and regularly test them to ensure their effectiveness.
Need More Information?
Contact our Data Protection team or request our detailed GDPR compliance documentation.