GDPR Compliance & Privacy
In 2016, the European Commission approved and adopted the new General Data Protection Regulation (GDPR). The GDPR is the biggest change in data protection laws in Europe since the 1995 introduction of the European Union (EU) Data Protection Directive, also known as Directive 95/46/EC. The GDPR aims to strengthen the security and protection of personal data in the EU and will replace the Directive and all local laws relating to it.
IVR Lab welcomes the arrival of the GDPR. The new, robust requirements raise the bar for data protection, security, and compliance, and will push the industry to follow the most stringent controls, helping to make everyone more secure. All IVR Lab platforms will comply with the GDPR when it becomes enforceable on May 25, 2018.
The GDPR applies to all organizations established in the EU and to organizations, whether or not established in the EU, that process the personal data of EU data subjects in connection with either the offering of goods or services to data subjects in the EU or the monitoring of behavior that takes place within the EU. Personal data is any information relating to an identified or identifiable natural person.
Our primary cloud partner, Amazon Web Services, continually maintains a high bar for security and compliance across all of their global operations. Security has always been their highest priority. Their industry-leading security provides the foundation for their long list of internationally recognized certifications and accreditations, demonstrating compliance with rigorous international standards, such as ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1 and others. As a result, AWS helps cloud service providers like IVR Lab meet local security standards such as BSI’s Common Cloud Computing Controls Catalogue (C5), which is important in Germany.
Where necessary, IVR Lab can provide services out of European data centers for our European customers.
IVR Lab already uses specific features and services that help us meet the requirements of the GDPR:
- Allow only authorized administrators, users and applications access to resources
- Multi-factor authentication (MFA)
- Fine-grained access to objects in the cloud
- API request authentication
- Temporary access tokens as necessary
Monitoring and Logging
- Asset Management and Configuration
- Compliance Auditing and security analytics as required
- Fine-grained logging of access to storage objects
- Filtering and monitoring of HTTP access to applications with WAF functions
- Encryption of your data at rest with AES-256
- Centrally managed key management
- Use of SSL and TLS for all in-transit data
Disclosure of Customer Content
We do not disclose customer content unless we’re required to do so to comply with the law or a valid and binding order of a governmental or regulatory body. Unless prohibited from doing so or there is a clear indication of illegal conduct in connection with the use of our services, IVR Lab notifies customers before disclosing customer content so they can seek protection from disclosure.
IVR Lab relies on Amazon Web Services’ security assurance program, which uses global privacy and data protection best practices. These security protections and control processes are independently validated by multiple third-party assessments.