Saying this never gets old: We have a shiny new data compliance certification to show off.
This month, Intentwise received a certification for GDPR compliance, meaning our internal data privacy and security protocols have been found to meet the high standards of European privacy law.
Our GDPR certificate is part of a flurry of compliance audits we have recently passed with flying colors. Earlier this year, we received certifications for meeting and exceeding SOC 2 and ISO 27001 standards.
We hope our GDPR certification will accelerate our rapid growth into the European market.
Plus: Even for non-European customers, we think these certificates should give you peace of mind about the security of your data. When you choose Intentwise for your analytics needs, you can be sure you are relying on a team that is at the forefront of data protection.
What does the GDPR certification mean?
“GDPR” refers to the General Data Protection Regulation, a set of European Union regulations that give individuals more direct control over their personal data.
In order to ensure the safety and privacy of EU citizen data, any organization that collects data on EU individuals has to follow these regulations. GDPR rules require companies to meet the highest standards of privacy, transparency, and security.
Our certificate means we cleared that test. It’s heartening to see: At Intentwise, we take data privacy and transparency incredibly seriously. We had already committed to GDPR guidelines through a self-certification process in 2018.
Our GDPR checklist:
GDPR compliance requires companies to meet two sets of requirements: 1) security requirements and 2) legal/privacy requirements.
Together, both sets of requirements can necessitate a long certification process. But since Intentwise audited our security protocols as a part of our ISO 27001 and SOC 2 certifications, we had already done most of the heavy lifting when we started down the road of GDPR compliance.
In order to meet the rest of the GDPR requirements, Intentwise had to work through the following checklist:
✅ Create and implement a Data Protection Addendum with our vendors who receive personal data from us. Our DPA ensures that each vendor treats personal data with the utmost care, and follows GDPR policies with the same rigor that we do.
✅ Implement Standard Contractual Clauses governing data transfers. These contractual clauses set out best practices for ensuring individual data privacy and consent, for handling breaches, and much more.
✅ Ensure our privacy policy meets all of the requirements and expectations of the GDPR, including by giving users more control over where their data is sent.
✅ Submit for a detailed external audit. Though audits are not a requirement of a GDPR certification, Intentwise opted to hire an external auditor to scrutinize our processes so we could ensure the highest standards.
✅ Build out cookie and email marketing compliance. Much of the GDPR is premised on transparency and individual consent around data. That means Intentwise went through all of our products and services and verified that we had clear opt-in and opt-out frameworks for users.
For cookie collection, we added GDPR-compliant banners to allow our website visitors to opt in to cookie collection on our website.
Similarly, we vetted our email marketing campaigns to ensure GDPR compliance, such as by ensuring a prominent “unsubscribe” button is always available.
Why do we do all this? Because we want our customers to know that, when they choose us, they are in good hands.
Want to work with a software partner who can ensure your data is safe, secure, and compliant? Book a demo with Intentwise today.
