What is GDPR?
GDPR, which stands for the General Data Protection Regulation of the European Union, is a significant data protection framework that went into effect on May 25, 2018, affecting not only companies within the European Union but also companies with global operations worldwide.
GDPR has a broad reach and applies to any organization that handles data originating from the EU, regardless of its location. Even companies based in the United States are not exempt from GDPR, as they must comply when dealing with data from the EU. The goal is to protect the personal data of individuals within the EU, ensuring that it is handled responsibly and securely by organizations across the globe.
How is Carta ensuring compliance?
At Carta, we are taking proactive steps to ensure compliance with GDPR. Here's what we're doing:
Strengthening Privacy Controls: We are implementing more robust privacy controls to enhance the protection of user data.
Ongoing Evaluation: We follow a structured framework to assess and update privacy controls not only for existing features but also for every new feature we introduce.
Streamlined Data Management: We have systems in place to efficiently handle requests related to inaccurate data and to provide users with access to their data stored within Carta.
Compliance Initiatives: Carta is a participant in the Data Privacy Framework organization, which facilitates secure data transfers between the United States and the European Union, the United Kingdom, and Switzerland while ensuring compliance with their respective data protection laws.
Where can I find more information about GDPR compliance?
For more information on GDPR, click here to visit the official EU Commission website.
Additionally, you can find the EU Commission's FAQs on Standard Contractual Clauses (SCCs) here.