Security is a top priority for many organizations. When adopting software technology, you need to make sure the company you are partnering with cares about security as much as you do. Here are some of the things Planview is doing related to the EU General Data Protection Regulation (GDPR) to ensure the security of our customers.
Data Protection Officer (Art. 27, 37-39)
Planview has dedicated personnel responsible for data protection who are organizationally independent from the technical teams in charge of processing. We make sure that competent personnel are recruited and available to represent Planview both in the U.S. and in Europe.
Implementation of Technical and Organizational Security Measures (Art. 32)
Planview implemented an information security management system that is ISO27001:2013 certified. An established risk assessment program and independently vetted technical and organizational measures ensure that the controls in place are adequate to safeguard processes and data.
Data Breach Notification (Art. 33, 34)
The GDPR requires the supervisory authority to be informed within 72 hours. Planview established an incident response process to assess issues, decide what countermeasures need to be taken, determine which persons need to be informed, and evaluate the legal situation.
Privacy by Design (Art. 25)
By design, your Projectplace profile needs only the minimum amount of personal data, namely an email address to create a user account and start collaborating. Name, surname, and phone number are optional data fields in a user’s profile, which can be populated for a better user experience and to enable advanced security features such as two-step verification. Planview privacy policies are in accordance with the Privacy Shield framework, against which we are certified. We’ve also made a Data Processing Agreement based on EU Model Clauses available to our customers.
Rights of Data Subjects
Right to be forgotten (Art. 16-19)
To avoid liability (and cut down on storage costs), we securely delete (or purge) the customer database when there is no longer a contractual relationship between Planview and the customer. Individual users can terminate their accounts in Projectplace, or their company administrator may delete a user account when the user is no longer part of the organization.
Access, deletion, rectification and restriction rights (Art. 12-23)
Projectplace supports strong authentication and access control natively, and we make sure that Planview employees’ access to customer data is restricted on a need-to-know basis. Furthermore, high-grade encryption is used to protect customer data both in transit and at rest.
Data Portability (Art. 20)
Data portability is fully supported in Projectplace, and we allow customers to download all user-generated content from their workspace in open, standard formats.
Planview takes security seriously and we are taking all the recommended steps to protect customers and ensure compliance. Learn more at our security page.