How Fivetran ensures GDPR compliance and protects your data

Learn how we prioritize privacy and data protection with a robust framework that adheres to the GDPR and other global regulations.
September 9, 2024

As the leading data movement platform, we understand the importance of privacy, confidentiality and responsible handling of data. Our approach to data protection is multifaceted and designed to comply with over a hundred data protection regimes and frameworks across the globe.

Our key security features include column blocking and hashing, encryption and metadata logging. Beyond these, we’ve implemented several measures to ensure full compliance with the GDPR and other data protection laws

  • Fivetran privacy framework: We use the AICPA/CICA (American Institute of Certified Public Accountants/Chartered Institute of Management Accountants) Privacy Maturity Model to measure the success of our privacy program. Our philosophy incorporates “privacy by design” and “privacy by default,” but we go further by emphasizing dedicated personnel, strict policy enforcement and continuous monitoring. In essence, we believe privacy means handling personal data responsibility and in line with customer expectations.
  • Handling Data Subject Access Requests (DSARs): We have established processes and specialized personnel to manage both DSARS and privacy complaints through our privacy@fivetran.com email.
  • Cross-border transfers: Fivetran is certified under the EU-US, UK extension and Swiss-US Data Privacy Frameworks. We also use Standard Contractual Clauses (SCCs) and provide Transfer Impact Assessment (“TIA”) upon request to ensure compliant cross-border data transfers.
  • Subprocessor list: We maintain a list of global subprocessors and affiliates and provide notice for any additions to this list, ensuring transparency. 
  • Data residency: We offer data residency options across 20+ major cloud regions worldwide, with features like geographically bounded access, in which there is no data sent out of a designated cloud region without your permission, as well as private networking to keep your data within designated regions. 
  • Diagnostic data access: Diagnostic data access by Fivetran is strictly controlled and requires explicit customer approval.
  • Data protection assessments: We conduct regular Privacy Threshold Assessments (PTAs) and Privacy Impact Assessments (PIAs) following ISO privacy standards to ensure compliance with multiple international privacy laws. Our privacy engineering playbook guides our engineers in building with privacy in mind.
  • Data mapping: We maintain a detailed data inventory for our systems, ensuring compliance with the GDPR’s Record of Processing Activities (ROPA) requirement using third-party tools. The inventory includes details of data types being processed, such as the data field and whether or not it is sensitive personal data, descriptions of the processing being performed, and transfers of personal data. In addition, our tool provides insights to ensure we have the correct contractual language in place with our third-party vendors.
  • Data retention: Fivetran has taken efforts to minimize the duration when customer data is processed in our systems, aligning with GDPR principles.
  • Cookie consent management: We manage cookie consent in line with the GDPR and and conduct quarterly audits to ensure ongoing compliance.

At Fivetran, building a platform with privacy in mind is crucial to maintaining our customers' trust. As the leader in automated data movement, we strive to make Fivetran easy to use while keeping privacy a top priority. For more information, contact our sales team at sales@fivetran.com. To report a privacy concern, email us at privacy@fivetran.com or DPO@fivetran.com.

[CTA_MODULE]

Commencer gratuitement

Rejoignez les milliers d’entreprises qui utilisent Fivetran pour centraliser et transformer leur data.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Product
Product

How Fivetran ensures GDPR compliance and protects your data

How Fivetran ensures GDPR compliance and protects your data

September 9, 2024
September 9, 2024
How Fivetran ensures GDPR compliance and protects your data
Learn how we prioritize privacy and data protection with a robust framework that adheres to the GDPR and other global regulations.

As the leading data movement platform, we understand the importance of privacy, confidentiality and responsible handling of data. Our approach to data protection is multifaceted and designed to comply with over a hundred data protection regimes and frameworks across the globe.

Our key security features include column blocking and hashing, encryption and metadata logging. Beyond these, we’ve implemented several measures to ensure full compliance with the GDPR and other data protection laws

  • Fivetran privacy framework: We use the AICPA/CICA (American Institute of Certified Public Accountants/Chartered Institute of Management Accountants) Privacy Maturity Model to measure the success of our privacy program. Our philosophy incorporates “privacy by design” and “privacy by default,” but we go further by emphasizing dedicated personnel, strict policy enforcement and continuous monitoring. In essence, we believe privacy means handling personal data responsibility and in line with customer expectations.
  • Handling Data Subject Access Requests (DSARs): We have established processes and specialized personnel to manage both DSARS and privacy complaints through our privacy@fivetran.com email.
  • Cross-border transfers: Fivetran is certified under the EU-US, UK extension and Swiss-US Data Privacy Frameworks. We also use Standard Contractual Clauses (SCCs) and provide Transfer Impact Assessment (“TIA”) upon request to ensure compliant cross-border data transfers.
  • Subprocessor list: We maintain a list of global subprocessors and affiliates and provide notice for any additions to this list, ensuring transparency. 
  • Data residency: We offer data residency options across 20+ major cloud regions worldwide, with features like geographically bounded access, in which there is no data sent out of a designated cloud region without your permission, as well as private networking to keep your data within designated regions. 
  • Diagnostic data access: Diagnostic data access by Fivetran is strictly controlled and requires explicit customer approval.
  • Data protection assessments: We conduct regular Privacy Threshold Assessments (PTAs) and Privacy Impact Assessments (PIAs) following ISO privacy standards to ensure compliance with multiple international privacy laws. Our privacy engineering playbook guides our engineers in building with privacy in mind.
  • Data mapping: We maintain a detailed data inventory for our systems, ensuring compliance with the GDPR’s Record of Processing Activities (ROPA) requirement using third-party tools. The inventory includes details of data types being processed, such as the data field and whether or not it is sensitive personal data, descriptions of the processing being performed, and transfers of personal data. In addition, our tool provides insights to ensure we have the correct contractual language in place with our third-party vendors.
  • Data retention: Fivetran has taken efforts to minimize the duration when customer data is processed in our systems, aligning with GDPR principles.
  • Cookie consent management: We manage cookie consent in line with the GDPR and and conduct quarterly audits to ensure ongoing compliance.

At Fivetran, building a platform with privacy in mind is crucial to maintaining our customers' trust. As the leader in automated data movement, we strive to make Fivetran easy to use while keeping privacy a top priority. For more information, contact our sales team at sales@fivetran.com. To report a privacy concern, email us at privacy@fivetran.com or DPO@fivetran.com.

[CTA_MODULE]

For more details, read the Fivetran Security Whitepaper.
Download
Topics
Share

Articles associés

5 criteria for evaluating data platform security
Data insights

5 criteria for evaluating data platform security

Lire l’article
L’importance de la gouvernance et de la sécurité des data pour la préparation à l’IA
Data insights

L’importance de la gouvernance et de la sécurité des data pour la préparation à l’IA

Lire l’article
Navigating data lake challenges: Governance, security and automation
Data insights

Navigating data lake challenges: Governance, security and automation

Lire l’article
Implementing a data fabric: From silos to insights
Blog

Implementing a data fabric: From silos to insights

Lire l’article
Leaky data pipelines: Uncovering the hidden security risks
Blog

Leaky data pipelines: Uncovering the hidden security risks

Lire l’article
Navigating data lake challenges: Governance, security and automation
Blog

Navigating data lake challenges: Governance, security and automation

Lire l’article
Implementing a data fabric: From silos to insights
Blog

Implementing a data fabric: From silos to insights

Lire l’article
Leaky data pipelines: Uncovering the hidden security risks
Blog

Leaky data pipelines: Uncovering the hidden security risks

Lire l’article
Navigating data lake challenges: Governance, security and automation
Blog

Navigating data lake challenges: Governance, security and automation

Lire l’article

Commencer gratuitement

Rejoignez les milliers d’entreprises qui utilisent Fivetran pour centraliser et transformer leur data.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.