At Drata, the privacy and security of your data is our top priority. GDPR applies not only to EU-based businesses, but also to any business that controls or processes data of EU citizens. At Drata, our entire organization is hard at work ensuring that our own practices are GDPR-compliant. But equally important to us is helping you, our partners and customers, understand what the GDPR means for your businesses and build compliant processes of your own.
Drata GDPR compliance is currently in progress with most sections already fully compliant. All sections will be fully available by the end of Q2 2021.
|Individual in charge of GDPR||Currently Available||Daniel Marashlian, CTO|
|Data Protection Officer||Currently Available||Daniel Marashlian, CTO|
|Lawful Basis of Processing and Consent||Currently Available||Under Article 6 of GDPR (https://gdpr-info.eu/art-6-gdpr), it falls under:
|Withdrawal of consent (or opt out)||Under Construction||For Users, withdrawal of consent or opting out after initial consent/opt-in will be able available via the webapp (https://app.drata.com). For Visitors, opting out can be done by emailing email@example.com.|
|Deletion Policy||Currently Available||Deletion of data for clients is available when terminating a contract. Data Deletion on the website (drata.com) for visitors can be done by contacting firstname.lastname@example.org|
|Data Access / Modification / Portability||Currently Available||Users can Access, Modify and Download their data directly from the Web App. Visitors can request a copy or update of their data by emailing email@example.com.|
|Data Protection Info||Currently Available||Drata deploys and maintains a single tenant Database architecture, alongside best industry practices in security attested to in a SOC 2 Type 2 report covering security, confidentiality, availability, and processing integrity.|
|Notification of Data Breach||Currently Available||Drata's data breach notification process is outlined within its Incident Response Policy, and made available upon request.|