What is the GDPR?
GDPR stands for General Data Protection Regulation. It is a new EU-wide set of data protection regulations that was introduced on May 25th, 2018. It supersedes existing regulations with the aim of making things more unified and more comprehensive.
We recognize that we form a crucial part of your business and we take our responsibility very seriously. As part of that, we’ve put together this page so you can understand how Arlo and you can work together to achieve GDPR compliance.
We use Arlo. What is our relationship with Arlo with respect to the GDPR?
You are the Data Controller for the data you store and process using Arlo, and Arlo is the Data Processor.
We need a Data Protection Agreement (DPA) with Arlo. How do we get one?
When you start your trial with Arlo, or sign up to go live, your use of the service is covered by our Master Subscription Agreement (MSA).
Our DPA is an integral part of the MSA and automatically applies to your use of the service. You do not need to execute a separate DPA with Arlo.
How can Arlo help you achieve your compliance as a Data Controller?
- By storing customer data in Arlo you benefit from Arlo’s best practice compliance with respect to data storage and security. All data in Arlo is encrypted at rest and stored in AWS, a provider that is fully compliant with GDPR. Read more at https://aws.amazon.com/compliance/gdpr-center/.
- We’re building tools into our application to help you stay GDPR compliant while continuing your business activities. For example, we're adding explicit configurable consent fields into our registration and leads process to allow you to capture and store specific consent for data processing activities.
- The right to be informed - you can add privacy information to your terms that are displayed as part of the registration and/or leads process.
- The right of access - we're developing a self-service portal for your contacts, but until then, you can use our rich data-export tools to export data, to help service right of access requests.
- The right to rectification - you can use Arlo's CRM to change a user's data in order to service a right to rectification request, or if you're using our Salesforce plugin, you can update their Salesforce record and have it flow down into Arlo.
- The right to erasure - email firstname.lastname@example.org and we can assist you in servicing these requests.
- The right to restrict processing - you can add a field in our CRM to indicate that a user has exercised their right to restrict processing, then incorporate that flag as part of your data processing flows.
- The right to data portability - Arlo has rich CSV data-export functionality that can be used to service these requests.
What has Arlo done to ensure its own GDPR compliance?
- We’ve reviewed all our data processing flows at Arlo and, where necessary, updated them to be compliant with GDPR best practice.
- All key staff receive specific training relating to their obligation with respect to data privacy.
- We’ve arranged for DPAs with all of our data processors.
- Privacy and data security form a core part of our product development process.
Where can I get a list of Arlo’s sub-processors?
A list of Arlo’s sub-processors is available here.