Security: Vbrick data protection and security processes have been developed based on NIST 800-53 revision 4 and are regularly subjected to third-party audits and testing for security, confidentiality, availability, processing integrity, and privacy controls. Vbrick allows customers to manage and control their users’ access to the application via role-based access.
Cross-border data flows: The GDPR continues to allow the flow of personal data across country borders, and includes provisions ensuring existing data transfer mechanisms remain valid going forward. Vbrick customers may leverage Vbrick’s EU data centre or, if hosted in the US, Vbrick’s EU Privacy Shield Certification, or sign model contractual clauses with Vbrick to legitimize their cross-border data flows.
Privacy impact assessments (PIAs): The GDPR requires PIAs for many types of data processing. Vbrick’s privacy team regularly and methodically conducts PIAs on features, technology, third-party onboarding, and operations related to our service. While we do not anticipate any significant changes to our already-thorough existing methods, our privacy team continues to monitor the GDPR to help ensure our PIAs fulfill any new requirements.
Security breaches: The GDPR introduces new notification rules for security breaches that result in a variety of harms to individuals. Vbrick has a formal internal incident response plan in place that aligns with these notification requirements.