What you need to know as a Panaya customer
Panaya takes data privacy, security, and compliance very seriously. We are SOC 2 compliant and rely on GDPR compliant infrastructure in our hosting at AWS.
Panaya acts as a processor for your data while you are the sole owner of the data stored on our cloud. You can utilize the capabilities built into the Panaya offering to meet your GDPR obligations related to deletion, rectification, transfer of, access to, and objection to processing of personal data.
What has Panaya done to prepare for GDPR?
Rest assured, everything is in place for Panaya customers to be GDPR compliant.
Here’s what we’ve done to make that happen:
Updated Customer Contracts
- Added a Data Processing Addendum (DPA) to our Terms, which includes the warranties and statements we can )can or should?) now make being a sub-processor of personal data.
- Updated our internal Policies to include requirements identified by GDPR.
- Implemented the Data Protection by Design policy in our Risk Assessment and Change Management Policies. This includes the impact of data protection at the design stage of our product development cycle. The only data processes we implement are those necessary to better support our customers.
Completed GDPR Compliance Assessment Program
- Performed rigorous data mapping exercise, outlining what data we collect and for what period of time.
- Implemented measures to identify and delete an individual’s data as needed.
- Appointed a designated internal team responsible for data protection to ensure we are compliant with all GDPR requirements.
- Reviewed all subcontractors that have access to data to ensure they’re compliant with GDPR, such as Amazon Web Services.