Earning trust through principled privacy operations and transparency.
The European Union’s General Data Protection Regulation (GDPR) is the broadest reaching global regulation that addresses safeguarding the rights of individuals with respect to their digital privacy. The extraterritorial nature of the GDPR is felt globally, with heavy fines possible for failing to comply.
The General Data Protection Regulation (GDPR) is a comprehensive data privacy regulation designed to harmonize data privacy laws across Europe. The GDPR is a principles-based pan-European regulation that puts specific obligations on data controllers and processors, provides enumerated rights to data subjects, provides for remedies and penalties, and creates a common administrative oversight framework.
As a global leader in data management and cloud data services, NetApp understands data privacy. Privacy is one of the primary drivers of safeguards in a data-driven world, and as the data authority in the hybrid cloud, we maintain a comprehensive strategy and commitment to GDPR compliance. We operate under corporate policies, procedures, and standards designed to protect your privacy and offer technology that empowers you to protect the privacy of your employees, partners, and customers. This includes our Binding Corporate Rules, Privacy Principles, Code of Conduct, and comprehensive data governance processes.
Additionally, we are invested in our customers’ success under the GDPR and strive to provide products, features, functionality, and an understanding of customer requirements that will empower our customers to implement their own GDPR compliance programs. Whether you are a data controller or data processor, NetApp solutions and services can provide the tools necessary to implement programs instrumental to GDPR compliance. These include backup and recovery solutions, data availability, metadata tagging for tracking personal information , or even identifying personal information existing in your cloud environment.
NetApp offers a host of products and services, with features and functionalities designed to either comply with the GDPR or give you options on how you can implement them to comply. For example, the GDPR provides restrictions and conditions on cross-border data transfers. If a customer makes a determination that its data cannot leave a given jurisdiction, NetApp offers products and services you can implement so that customer data will only be processed within the designated region.
When we use subcontractors to process data as part of our services, we put comprehensive data processing agreements in place with these subprocessors and impose on them data protection obligations that are at least as protective as those set forth in our own customer agreements. We agree in our contracts to be liable for our subprocessors to the same extent as if we were processing the data, and we maintain a subprocessor list (login required) that is available to our customers.
Every entity is different in its products, services, operations, risk profile, and preferences. Therefore, you need to work with your legal and business advisors to determine the best strategy for your company to comply with the GDPR.
Once you have that strategy, NetApp provides a variety of products and services with tools that can help implement that strategy and be used in your privacy operations and GDPR compliance program. These include the Cloud Compliance service to help you identify certain personal information present in your data, NetApp SnapCenter technology to support backup and recovery, and NetApp FPolicy for privacy operations and policy enforcement.
A comprehensive GDPR compliance program, however, is dependent on the type and nature of personal data that is collected, the purpose and use of such data, and the operational capabilities and risk tolerances of the company. No two entities are alike. NetApp strives to provide all our customers with tools and capabilities to empower them in their efforts, regardless of the scope and nature of their GDPR compliance programs.
NetApp’s approach to global data privacy laws and the movement of data across national borders
Terms, conditions, and other information related to the use of NetApp products and services
A list of subprocessors of personal information under our Customer Data Processing Addendum.
Support compliance with the GDPR, the California Consumer Privacy Act (CCPA), and other data privacy regulations through personal information discovery and management.