How Fivetran Helps You Stay Compliant With GDPR

Fivetran services are compliant with GDPR and we’re continually adding new features to help you meet EU data protection requirements.
February 26, 2019

Since the EU first announced its General Data Protection Regulation (GDPR) in April 2016, there has been widespread discussion about the law’s regulatory implications. By the May 25, 2018 deadline, companies had to make significant changes to the ways they processed, used and exchanged personal data, or risk major fines and reputational damage.

Let’s start by making this clear: All Fivetran services are GDPR-compliant.

Fivetran is registered with the Privacy Shield program, and our registration details can be verified directly on the Privacy Shield website.

At Fivetran, we prioritise our customers’ trust by keeping data private and safe. We combine enterprise-class security features with comprehensive audits of our applications, systems and networks to facilitate compliance with EU data protection requirements. After all, we know the safekeeping of your data is critical to your values and operations.

We help you maintain data privacy and security in a number of ways:

Fivetran does not retain data. We replicate data from your databases and cloud sources, process it, and load it into your data warehouse, after which we remove it from our servers. Data is never stored longer than 24 hours on Fivetran servers. As a Fivetran customer, you retain ownership of and control over customer data.

EU servers. This year we added EU servers in Frankfurt and Belgium. While we maintain GDPR compliance on our US servers, we’re aware that customers might need the personally identifiable information (PII) data of EU citizens to remain within the legal jurisdiction of the EU.

A robust DPA. We offer customers a robust data processing agreement (DPA), which governs the relationship between the customer (acting as data controller) and Fivetran (acting as data processor). The DPA facilitates customers’ compliance with their obligations under EU data protection law. Our DPA contains strong privacy commitments focused on data replication, and we’ve updated them to ensure compliance with GDPR. Our DPA contains data transfer frameworks to ensure that our customers can lawfully transfer personal data to warehouses outside of the European Union in accordance with GDPR requirements.

Data encryption. Using a key unique to each process, we encrypt data both in transit and at rest as it passes through Fivetran.

Auditing standards. We’re compliant with SOC 2. We conduct an independent AT101/SOC 2 audit annually and make the report available under a non-disclosure agreement to all existing and prospective customers upon request.

Compliance with HIPAA requirements for protected health information (PHI). Fivetran will sign a business associate agreement (BAA) with customers subject to HIPAA mandates. Note that Fivetran does not persist ePHI in its systems beyond the 24 hours needed for processing.

Column blocking and column hashing. Column blocking, currently available for eight of our most popular connectors (with more planned for the future), allows you to block specific columns from replicating to your warehouse, allowing you to avoid sending PII to your data warehouse. Column hashing allows you to hash sensitive data while still performing joins across tables in your warehouse.

Disclosure of customer data. Fivetran only discloses customer data to third parties where disclosure is necessary to provide services or comply with lawful requests from public authorities.

Access management. Fivetran provides an advanced set of access and encryption features to help customers effectively protect their information. We do not access or use customer data for any purpose other than providing, maintaining and improving Fivetran services and as otherwise required by law.

Our documentation contains further details about our commitment to security and EU data protection. If you want to learn more, feel free to reach out to our support team, which is on call 24/7.

Kostenlos starten

Schließen auch Sie sich den Tausenden von Unternehmen an, die ihre Daten mithilfe von Fivetran zentralisieren und transformieren.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Product
Product

How Fivetran Helps You Stay Compliant With GDPR

How Fivetran Helps You Stay Compliant With GDPR

February 26, 2019
February 26, 2019
How Fivetran Helps You Stay Compliant With GDPR
Fivetran services are compliant with GDPR and we’re continually adding new features to help you meet EU data protection requirements.

Since the EU first announced its General Data Protection Regulation (GDPR) in April 2016, there has been widespread discussion about the law’s regulatory implications. By the May 25, 2018 deadline, companies had to make significant changes to the ways they processed, used and exchanged personal data, or risk major fines and reputational damage.

Let’s start by making this clear: All Fivetran services are GDPR-compliant.

Fivetran is registered with the Privacy Shield program, and our registration details can be verified directly on the Privacy Shield website.

At Fivetran, we prioritise our customers’ trust by keeping data private and safe. We combine enterprise-class security features with comprehensive audits of our applications, systems and networks to facilitate compliance with EU data protection requirements. After all, we know the safekeeping of your data is critical to your values and operations.

We help you maintain data privacy and security in a number of ways:

Fivetran does not retain data. We replicate data from your databases and cloud sources, process it, and load it into your data warehouse, after which we remove it from our servers. Data is never stored longer than 24 hours on Fivetran servers. As a Fivetran customer, you retain ownership of and control over customer data.

EU servers. This year we added EU servers in Frankfurt and Belgium. While we maintain GDPR compliance on our US servers, we’re aware that customers might need the personally identifiable information (PII) data of EU citizens to remain within the legal jurisdiction of the EU.

A robust DPA. We offer customers a robust data processing agreement (DPA), which governs the relationship between the customer (acting as data controller) and Fivetran (acting as data processor). The DPA facilitates customers’ compliance with their obligations under EU data protection law. Our DPA contains strong privacy commitments focused on data replication, and we’ve updated them to ensure compliance with GDPR. Our DPA contains data transfer frameworks to ensure that our customers can lawfully transfer personal data to warehouses outside of the European Union in accordance with GDPR requirements.

Data encryption. Using a key unique to each process, we encrypt data both in transit and at rest as it passes through Fivetran.

Auditing standards. We’re compliant with SOC 2. We conduct an independent AT101/SOC 2 audit annually and make the report available under a non-disclosure agreement to all existing and prospective customers upon request.

Compliance with HIPAA requirements for protected health information (PHI). Fivetran will sign a business associate agreement (BAA) with customers subject to HIPAA mandates. Note that Fivetran does not persist ePHI in its systems beyond the 24 hours needed for processing.

Column blocking and column hashing. Column blocking, currently available for eight of our most popular connectors (with more planned for the future), allows you to block specific columns from replicating to your warehouse, allowing you to avoid sending PII to your data warehouse. Column hashing allows you to hash sensitive data while still performing joins across tables in your warehouse.

Disclosure of customer data. Fivetran only discloses customer data to third parties where disclosure is necessary to provide services or comply with lawful requests from public authorities.

Access management. Fivetran provides an advanced set of access and encryption features to help customers effectively protect their information. We do not access or use customer data for any purpose other than providing, maintaining and improving Fivetran services and as otherwise required by law.

Our documentation contains further details about our commitment to security and EU data protection. If you want to learn more, feel free to reach out to our support team, which is on call 24/7.

Topics
No items found.
Share

Verwandte Beiträge

No items found.
No items found.
Fivetran brings automated data integration to Amazon SageMaker Lakehouse
Blog

Fivetran brings automated data integration to Amazon SageMaker Lakehouse

Beitrag lesen
Fivetran Connector SDK: Custom data pipelines made easy
Blog

Fivetran Connector SDK: Custom data pipelines made easy

Beitrag lesen
Why enterprises choose Fivetran for Microsoft Azure data integration
Blog

Why enterprises choose Fivetran for Microsoft Azure data integration

Beitrag lesen

Kostenlos starten

Schließen auch Sie sich den Tausenden von Unternehmen an, die ihre Daten mithilfe von Fivetran zentralisieren und transformieren.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.