What is the GDPR?
GDPR stands for General Data Protection Regulation. It is a new EU wide set of data protection regulations that come into place on May 25th 2018. It supersedes the existing regulations with an aim to make things more unified and more comprehensive.
We recognize that we form a crucial part of your business and we take our responsibility very seriously. As part of that, we’ve put together this page so you can understand how Arlo and you can work together to achieve GDPR compliance.
We use Arlo. What is our relationship with Arlo with respect to the GDPR?
You are the Data Controller for the data you store and process using Arlo, and Arlo is the Data Processor.
We need a Data Protection Agreement (DPA) with Arlo -- how do we get one?
Email firstname.lastname@example.org and we will send you details on how to enter into a DPA between your company and Arlo.
How can Arlo help you achieve your compliance as a Data Controller?
- By storing customer data in Arlo you benefit from Arlo’s best practice compliance with respect to data storage and security. All data in Arlo is encrypted at rest and stored in AWS, a provider that is fully compliant with GDPR. Read more at https://aws.amazon.com/compliance/gdpr-center/.
- We’re building tooling into our application to help you stay GDPR compliant while continuing your business activities. For example, we're adding explicit configurable consent fields into our registration process to allow you to capture and store specific consent for data processing activities.
- The right to be informed - you can add privacy information to your terms that are displayed as part of the registration process.
- The right of access - we're developing a self-service portal for registrants, but until then, you can use our rich data-export tools to export data, to help service right of access requests.
- The right to rectification - you can use Arlo's CRM to change user's data in order to service a right to rectification request, or if you're using our Salesforce plugin, you can update their Salesforce record and have it flow down into Arlo.
- The right to erasure - email email@example.com and we can assist you in servicing these requests.
- The right to restrict processing - you can add a field in our CRM to indicate that a user has exercised their right to restrict processing, then incorporate that flag as part of your data processing flows.
- The right to data portability - Arlo has rich CSV data-export functionality that can be used to service these requests.
What is Arlo doing to ensure its own GDPR compliance?
- We’ve reviewed all our data processing flows at Arlo and, where necessary, updated them to be compliant with GDPR best practice.
- All key staff receive specific training relating to their obligation with respect to data privacy.
- We’ve arranged for DPAs with all of our data processors.
- Privacy and data security form a core part of our product development process.
Where can I get a list of Arlo’s sub-processors?
A list of Arlo’s sub-processors is available here.