ONLYOFFICE welcomes the new data protection law coming into force on May 25. Keeping our users’ data safe and secure has always been one of our top priorities, and we have fully tailored our data security policy to GDPR standards.
Learn what measures have been taken by ONLYOFFICE to meet its requirements.
Adopted by the EU Parliament in April 2016, General Data Protection Regulation (GDPR) is aimed at defending individuals from privacy and data breaches. It specifies the lawful way to process personal data for companies that work with the EU residents.
The main principles:
Read the full text of the legal act here.
The law describes two types of companies dealing with personal data:
We act both like data controller and data processor. For example, when you put information about your clients into our CRM system, you act as a data controller, and we are a data processor to you. But we are also becoming a data controller when we are supplying services to you and using your personal data. So, it’s important for us to ensure our own compliance as well as make it easier for you to comply as a data controller.
We are committed to complying with the new legislation. Here’s the list of measures taken by us to achieve that:
Legal agreements updates
We have reviewed our legal agreements – Terms and Conditions, Privacy statements and all the license agreements – and made all changes necessary to comply with the legislation. The improvements touch upon users’ consent for processing their personal data. Using personal data for marketing purposes is streamlined as well – we are now collecting unambiguous consent only to receive our marketing communications.
All the agreements can be found in the Legal notice section.
Appointing data protection officer (DPO)
Having expertise in data protection and law, Timur Shugaev, our manager in Latvia, started to act as a DPO responsible for data protection compliance within our company and communication with the GDPR supervisory authorities. You can get in touch with him using this email.
Data management adjustments
We mapped and analyzed all our systems connected to storing and processing personal data. We have already implemented advanced security measures, but it was important for us to put procedures in place so that our users can realize their rights guaranteed by the GDPR, including:
According to the GDPR, each company must build a strong security program, and that is already in use here, at ONLYOFFICE. You can be confident in ONLYOFFICE for a number of reasons:
Reliable hosting for cloud solutions
Amazon has already confirmed that all of their services are GDPR-ready and can be implemented as a key part of other companies’ compliance plans. Among the tools offered by Amazon we chose those to ensure our GDPR compliance:
Authentication filtering and monitoring
ONLYOFFICE offers a number of features to protect your web offices in the cloud or on-premises:
Access management and data leak prevention
Be sure that no one’s getting access to your/your customers’ personal data, thanks to:
Learn more about the ONLYOFFICE security program here.
In conclusion, we would like to underline that we fully support the law. We have always treated our users’ data with respect and will always do so.
If you have any concerns regarding GDPR and ONLYOFFICE, do not hesitate to contact us at support.onlyoffice.com.