GDPR sets a new standard for how companies use and protect EU citizens’ data. This document gives an overview of the changes we've made as part of our GDPR compliance program to ensure Gearset is fully compliant with the regulations.
What is GDPR?
The EU General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It replaced existing EU data protection law to strengthen the protection of personal data and the rights of the individual. It's a single set of rules which governs the processing and monitoring of EU data.
Our GDPR commitment
Trust is a core principle at Gearset. We understand the kind of data that users trust Salesforce with, and Gearset has been built to respect that data and that trust. Your private information has been, and always will be, treated with the utmost care and security. Gearset has committed to being fully compliant with GDPR.
How Gearset prepared for GDPR
We updated our website and privacy statements
Our updated security page lists some of the approaches we use to protect your data from unauthorised access, including encryption and access controls.
We updated our data processing addendum to clarify what personal data we collect, how we protect it, and your rights.
We published a list of our sub-processors who we may engage to process Personal Data when you use the app.
We gave you more control in the Gearset app
We made it easy for you to manage your mailing list subscription status from the My Account page in the app, as well as when you first create your Gearset account.
For automated job notifications (such as CI), you can manage your notification settings from within the job settings.
We added functionality for users to delete their own data in the app on a self-service basis, including the ability to delete all backed-up data from our servers and to delete their account and associated data.
We took new security measures
Gearset undergoes regular penetration tests by CREST-certified professionals. These tests probe for vulnerabilities in our application and ensure we're always ahead of the game in keeping our security world-class.
We implemented regular external audits to review our robust security framework against the international information security standard ISO 27001 and have subsequently been certified to meet this stringent standard.
We made some operational changes
We reviewed our internal access policies to ensure the right people have access to the right level of customer data.
Our team is trained to understand the requirements of GDPR and how we comply with it.
We've reviewed our partners and suppliers to ensure they are also compliant with the new regulations and are adequately protecting our and our customers' data.
How to contact us with data queries
If you have any questions about how we store or process your data, or want to issue data requests, you can reach out to us through our in-app chat or email us at [email protected].
You can also learn more about our security practices at https://gearset.com/security.