We do a lot of interesting work on the engineering side here at BriteVerify but we rarely talk about our approach particularly towards security. With the growing visibility of the EU’s General Data Protection Regulation (GDPR), we’ve noticed a marked rise in interest about how BriteVerify approaches data handling, processing, and deletion; so I thought it would be useful to post some information on the topic.
If you’re new to the GDPR, here’s a bit of background: It's a new set of laws being implemented by the European Union that regulates how the personal data of EU citizens can be collected, used, and processed by businesses all over the world. GDPR applies not only to organizations based in the EU but also all companies that have customers in the EU. GDPR is already having a global impact and we at BriteVerify have been preparing for these new laws since early 2017.
Under GDPR, BriteVerify is considered a Data Processor. As a Processor, our obligation is to provide BriteVerify customers with the proper data security, controls, and processes to maintain their responsibilities under GDPR. A few of these items are described below and we will be more than happy to discuss these in greater detail at any time.
Data Handling and Processing: BriteVerify Customers in the EU are now able to process their lists locally in our AWS eu-west-1 (Ireland) EU processing facilities. Simply reach out to your BriteVerify representative for details.
Data Monitoring: In compliance with GDPR, we maintain a record of our processing activities. This includes, but is not limited to, list name (if appropriate), date, processing location, and total records processed. We provide this information to our customers in relation to their BriteVerify accounts.
Data Retention Controls: Our BriteFiles application allows a customer to fully delete data lists from our system. Once a list is deleted it is fully removed from all BriteVerify systems. After deletion, the only remaining information is meta-data for billing and reporting purposes.
If you need any additional information or would like a copy of BriteVerify’s Data Security Document please send your request to firstname.lastname@example.org.