You have certainly heard by now about the GDPR law that came into effect on May 25. We shared a lot of information on GDPR and Oro applications compatibility in our guides for OroCommerce and OroCRM and also gave a shout out about our OroCommerce Customer Consent Management extension. Yet there’s still more to be clarified about GDPR.
First, because of Oro’s “security by design and by default” approach to all OroCloud environments, OroCloud customers have considerably less to worry about. However, according to the GDPR definition, they are still data controllers and thus share the responsibility for the security of their customers’ personal data. Exactly which GDPR checkpoints remain the responsibility of the OroCloud customer, and the flow to follow to comply with them, is fleshed out in the new OroCloud Commitments to GDPR guide. This paper explains the actions taken by Oro as a data processor to support GDPR requirements and provides recommendations for OroCloud users on implementing measures within the areas they are responsible for.
Who Should Read the Guide?
OroCloud Commitments to GDPR is the go-to guide for anyone accountable for customer interactions or technology, such as:
- Information Security and Chief Information Officers;
- Storefront Administrators;
- Commerce Managers;
- Business Owners and CEOs.
Key Takeaways Include:
- Oro’s privacy protection approach for Oro services in the cloud. Learn more about the “security by design and by default” approach we have implemented.
- Hosting. Learn how OroCloud is hosted and how our hosting complies with data security and privacy standards.
- Oro Applications in OroCloud. See what safeguards we have implemented within OroCloud applications to ensure private user data protection in the cloud (e.g., network isolation and segmentation; vulnerability and patch management; backups and retention policies; data encryption; logs and audit trails; change management and release procedures; access management; security policies and training).
- International data transfers. Learn about the hosting locations for OroCloud production instances, Oro’s disaster recovery locations, and about safe data transfers from a production instance to Oro support.
- Data audit. Learn about your obligation to create and maintain an inventory of the systems storing users’ personal data and find out how you can set up additional entities for personal client data storage with Oro applications.
- User consents. Learn about how you are responsible for collecting, managing, and storing user consents and what tools can help you efficiently handle different consent versions.
- User’s individual rights. Learn more about implementing processes for supporting users’ rights regarding access, rectification, portability, and erasure of personal data.
Oro is a GDPR-compliant provider and so are all of our solutions, including OroCloud applications. To better understand what steps you need to take to adjust to the new regulatory landscape, download the OroCloud Commitments to GDPR guide and follow all the checkpoints.