NetApp and the GDPR
As a global leader in data management and cloud data services, NetApp understands data privacy. Privacy is one of the primary drivers of safeguards in a data-driven world, and as the data authority in the hybrid cloud, we maintain a comprehensive GDPR strategy. We operate under corporate policies, procedures, and standards designed to protect your privacy and offer technology that empowers you to protect the privacy of your employees, partners, and customers. This includes our Binding Corporate Rules, Privacy Principles, Code of Conduct and comprehensive data governance processes.
Additionally, our GDPR compliance strategy includes an investment in our customers' success under the GDPR. We strive to provide products, features, and functionality, along with an understanding of customer requirements that empower our customers to implement their own GDPR compliance programs. Whether you are a data controller or data processor, NetApp solutions and services can provide the tools necessary to implement programs that are instrumental to GDPR compliance. These tools include backup and recovery solutions, data availability, metadata tagging for tracking personal information, and even identifying personal information that exists in your cloud environment.
Frequently asked questions
How does NetApp manage personal information in response to the GDPR?
How can I use NetApp products and services in compliance with the GDPR?
NetApp offers a host of products and services, with features and functionalities designed to either comply with the GDPR or to give you options for how you can implement them to comply. For example, the GDPR includes restrictions and places conditions on cross-border data transfers. If a customer determines that its data cannot leave a given jurisdiction, NetApp offers products and services you can implement so that customer data is processed only within the designated region.
When we use subcontractors to process data as part of our services, we put comprehensive data processing agreements in place with these subprocessors and impose on them data protection obligations that are at least as protective as those set forth in our own customer agreements. We agree in our contracts to be liable for our subprocessors to the same extent as if we were processing the data, and we maintain a subprocessor list that is available to our customers.
Does NetApp make commitments to customers regarding the GDPR?
Can NetApp help me comply with the GDPR?
Every entity is different in its products, services, operations, risk profile, and preferences. Therefore, you need to work with your legal and business advisors to determine the best strategy for your company to comply with the GDPR.
Once you have determined your strategy, NetApp offers a variety of products and services with tools that can help you implement that strategy and that can be used in your privacy operations and GDPR compliance program. These include the Cloud Compliance service to help you identify certain personal information present in your data, NetApp SnapCenter technology to support backup and recovery, and NetApp FPolicy for privacy operations and policy enforcement.
However, a comprehensive GDPR compliance program depends on the type and nature of personal data that is collected, the purpose and use of such data, and the operational capabilities and risk tolerances of the company. No two entities are alike. NetApp strives to provide all of our customers with tools and capabilities to empower them in their efforts, regardless of the scope and nature of their GDPR compliance programs.