On Tuesday Oct 6, 2015 the European Court of Justice ruled that the 15 year old decision made to permit Personal Data to be transferred from the European Economic Area (EEA) to the United States under the Safe Harbor framework is invalid.
Here at GoodData we know our customers are concerned about the privacy of their data. Over the years we have always made certain that the processes we followed to self-certify under Safe Harbor would stand the test of audit. To that end we have ensured that all of our Technical and Organizational Measures (TOMs) used in achieving both Safe Harbor certification as well as our TRUSTe Enterprise Privacy certification are backed up by our independently conducted 3rd party SOC 2 audit. Without Safe Harbor, Data Controllers (you) must ensure Data Processors (GoodData) include Model Clauses in the agreements used to process data outside of the EEA.
Model Clauses or European Standard Contractual Clauses as they are called, are a set of obligations approved by the EU Article 29 Working Group that ensure, in a standardized way, the appropriate controls are in place to protect personally identifiable information that leaves the European Economic Area. By including Model Clauses customers may continue to use the GoodData service without interruption.
GoodData has a Security Addendum available which includes both the EU approved Model Clauses and our Technical and Organizational Measures that support them. By adding this to your agreement you will be able to remain in compliance with the requirements of the EU Data Protection Directive (Directive 95/46/EC). In order to receive a copy of the Security Addendum please contact your Account Manager or Customer Success representative.
To further help our customers, GoodData also provides an EU based datacenter which customers may choose in order to ensure their data is stored and processed in the EEA. If the EU datacenter is the location chosen GoodData will ensure that data is never transferred to our US datacenter for storage or processing.