Data Privacy Law and Regulation Compliance
Druva is committed to data privacy, data security, and transparency in our data practices and processes. We would like to take an opportunity to share how Druva can help our customers to meet their obligations under the General Data Protection Regulation (GDPR – effective May 25, 2018) and the California Consumer Privacy Act (CCPA – effective Jan 1, 2020).
Our Commitment to Transparency
Compliance as shared responsibility
GDPR requires not only responsible data controller practices, but also holds all controllers accountable for the vendors processing their personal data. To help guide our customers through the various GDPR requirements, we have mapped every GDPR article against our obligations as the data processor and our customers’ obligations as the data controllers. Please review our GDPR Shared Responsibility Model document.
Although the CCPA does not as clearly define the role of controller and processor, responsibility to ensure processing of data occurs in a compliant manner still remains a shared obligation. The CCPA Shared Responsibility Model document maps out each CCPA section against Druva and our clients obligations.
Our Commitment to data security
Druva puts the security of our customer data first. To request a copy of our Security Addendum or request a copy of our security certifications, please contact firstname.lastname@example.org.
Our data transfer mechanisms
Druva complies with the EU and UK Standard Contractual Clauses passed by the European Commission and UK’s Information Commission Officer respectively. If our customer’s policy is to execute Standard Contractual Clauses, our DPA includes them as an option.
Requesting the data processing agreement
Under the GDPR all data processors and data controllers must have an agreement in place specifying their respective obligations under the GDPR. We have incorporated CCPA obligations into the data processing agreement to ensure all data processing activities and obligations are transparent. To request Druva’s Data Processing Agreement (DPA), please email email@example.com.
Contact our data protection officer
GDPR Shared Responsibility model
CCPA shared responsibility model