Operating Under GDPR: Now, And In The Future

Filestack & GDPR

GDPR became effective today, and Filestack is in full compliance. Over the last year we have improved our infrastructure, products and processes in order to provide maximum protection of the data we process.

We respect our customers and their users, and protecting their data is central to our values. Going forward we will assist our existing and new customers in their obligations under the regulation and data subject rights.

In the last blog post, Filestack’s Commitment to GDPR, we explained what GDPR is and what our role is under the regulation. In this blog post, we present the steps we have taken to comply with it and what will happen next.

Actions Taken For GDPR

  • Consulted with internal and external counsel to understand legal interpretations of the GDPR requirements.
  • Updated to our Data Protection Addendum (DPA). It has been revised to reflect both regulatory and operational changes related to GDPR. Please contact us at privacy@filestack.com if you would like to review and sign it.
  • Updated to our privacy policy, terms of service. We have also updated and created additional internal policies that we will follow going forward when collecting and processing our customers and their users data.
  • Assigned a Data Protection Officer that is responsible for compliance with GDPR and all data protection efforts within Filestack. You can contact our DPO at privacy@filestack.com.
  • Performed a data audit to make sure that we document what and how data is processed through our systems and our sub-processors. We made sure that our sub-processors have required security measures in place.
  • Performed a risk assessment to make sure that data is processed and managed according to the GDPR instructions.
  • Implemented additional technical security measures and secured our infrastructure with Zero Trust model authorization.
  • Created breach incident response plans to make sure that any incident is handled correctly under the compliance requirements.

What Comes Next

GDPR becoming effective today does not mean that our work to protect our customer data is over. Our commitment to securing our customers’ data is paramount. With product changes, policy and procedures in place,  you can rest assured that your content is safe and secure.

In future blog posts we will explain:

  • What product and/or service changes were made in the context of GDPR compliance.
  • What Filestack customers should do in the context of GDPR compliance.

Please reach out via the comment section or any of the above emails if you have comments, questions or concerns.


Read More →