At Reflexis we are committed to working with our customers to understand and prepare for the General Data Protection Regulation (GDPR). The GDPR introduces enhanced data privacy laws to match the evolving technological landscape. These changes will come into effect on May 25, 2018. Besides strengthening and standardizing data privacy across the EU nations, it will require new or additional obligations on all organizations that handle EU citizens’ personal data, regardless of where the organizations themselves are located. On this page, we’ll explain our plans to achieve GDPR compliance.
The Reflexis GDPR Commitment
Our Commitment to Protecting Your Data
Preparing for the GDPR
Our global team is working diligently to ensure that Reflexis is aligned with the new regulation. Measures to achieve this include:
Working with an external security advisory organisation.
Continuing to invest in our security infrastructure.
Making sure we have the appropriate contractual terms in place. Ensuring we can support international data transfers by maintaining our Privacy Shield self-certifications, and by executing Standard Contractual Clauses through our updated Data Processing.
Confirming our policies include new tools for data portability and data management where necessary.
Ensuring that under all circumstances user consent for data processing meets the new requirements.
Reviewing breach notification procedures.
Reinforcing all data protection and retention processes.
Reflexis will continue to monitor the guidance around GDPR compliance from official government regulatory bodies, and will adjust our plans accordingly if any changes occur.
Our Security Infrastructure and Certifications
Protecting our customers’ information privacy is extremely important to us. As we offer cloud-based products we are entrusted with some of our customers’ most valuable data and we’ve set high standards for security. We’re currently investing in several security certifications such as SOC 2 and SOC 3.
Reflexis has invested heavily in building a robust security team, one that can handle a variety of issues — everything from threat detection to building new tools. In accordance with GDPR requirements around security incident notifications, Reflexis will continue to meet its obligations and offer contractual assurances.
International Data Transfers: Privacy Shield and Contractual Terms
To comply with EU data protection laws around international data transfer mechanisms, we are self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to establish a way for companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
Data Portability Solutions and Data Management Tools
Customers have requested tools to help them comply with the GDPR. We understand our customers concerns and we are looking to offer data portability and personal data tools that assist with data exports. Information about the features and functionalities of these tools will be shared with you as it becomes available.
Stay Updated
Fulfilling our privacy and data security commitments is important to us. This page will be revised to reflect GDPR-related information as it becomes available. Please get in touch if you have any questions related to how Reflexis is becoming compliant with the GDPR.
Contact
Andrew Ngo
Senior Corporate Counsel
Reflexis Systems, Inc.
3 Allied Drive, Suite 400
Dedham, MA 02026
+1 (781) 493-3306 (Direct)
Andrew.Ngo@reflexisinc.com