Split and GDPR Readiness

On May 25th, 2018, Europe’s new data protection law, the General Data Protection Regulation, will come into effect. The GDPR marks the most significant reform of European data protection law – indeed, any data protection law anywhere in the world – ever. It is designed to give citizens of the European Union more control over their data and seeks to unify a number of existing privacy and security laws.

Under the reforms introduced by the GDPR, any business that provides goods and services into the European Union, or that otherwise monitors the behavior of individuals in the European Union (through, for example, the use of analytics or ad tech technologies) will be subject to data protection law.

Split’s Readiness

At Split, we recognize the significance of these reforms both to our customers and to the services we provide. Our customers expect to work with partners who commit to compliant data protection and information security standards when handling their data. For that reason, Split with support from EU external advisers, has been undertaking (and continues to undertake) a number of activities to ensure that it is GDPR-ready by May 2018 and beyond. These activities include:

  • Conducting a data mapping exercise to prepare the data processing records;
  • Updating Split’s standard customer terms to ensure that, when Split acts as a processor, these reflect the relevant data processor commitments under Article 28 of the GDPR;
  • Reviewing and revising Split’s downstream terms with its vendors and co-op partners to ensure that these address GDPR requirements;
  • Reviewing, identifying and implementing any product changes that might be needed in light of the GDPR (including enabling compliant consent (where required) pathways and formalizing its processes around data subject rights to ensure that Split is able to respond (and that it can help its customers respond) comprehensively and within the timeframes required by the GDPR;
  • Revising Split’s privacy notices to ensure they meet the disclosure requirements of the GDPR;
  • Ensuring Split staff that access and process Split customer personal data have been trained in handling that data and are bound to maintain the confidentiality and security of that data;
  • Holding any vendors that handle personal data to the same data management, security, and privacy practices and standards to which we hold ourselves; and
  • Ensuring continued use of adequate security measures to safeguard any data collected and processed on systems owned or managed by Split.

GDPR Q&A

Does Split process Personal Data of its customers?

Yes, when provided by its customers, Split processes customer Personal Data to provide the products and services and for other limited purposes enumerated in our Privacy Policy.

Where does Split send my data?

Today, Split stores data in its AWS data centers located in the US. Split ensures that we have appropriate safeguards in place to protect data that we transfer outside the EEA.

Is Split Privacy Shield certified?

As of October 9, Split is US Privacy Shield certified. Learn more in our Privacy Shield announcement blog.

Is Split SOC2 certified?

Yes. We have recently completed our SOC2 Type 1 certifications and will be SOC2 Type 2 certified in the coming quarters. You can learn more here.

More Resources

Split is committed to implementing its GDPR readiness program and understands the importance of a successful transition to GDPR for its customers.

For more, please visit Trust & Security, including:

  • Privacy – Split is data optional. If you do decide to send us data, it becomes our responsibility and we’re committed to protecting it from unauthorized access.
  • Security – Split follows extensive practices to track and protect your data as it moves through Split’s services.
  • Compliance – Split is committed to achieving and maintaining the trust of our customers. Integral to this mission is providing a robust compliance program that ensures the confidentiality of your data.