While SpringCM has been focused on making sure our customers have the tools they need to comply with the GDPR, we're also responsible for ensuring our own compliance.
I recently sat down with SpringCM's Senior Security and Compliance Manager, Mike Miller, to talk about a couple of the ways we prepared ourselves for the regulation.
From the product side, it's contractually consented. So, the customer signs a contract with us, their users will inherently be consenting to the SpringCM application.
From the marketing [perspective]— anyone visiting springcm.com, or visiting communities or the blog; consent is a little more explicit from SpringCM's standpoint. Managing that consent will be a task where we gather all the assets of personal data—how they're coming in, what kind of consent has been given. Like subscribing to a blog, that's some level of consent. Assessing our own contacts, where everyone is coming in from—that is a difficult task, but it can be achieved with the [SpringCM] tools.
SpringCM is built with security at the base layer of its foundation. So everything that we do at Spring, from the platform-level, is built with security in mind.
Privacy by Design follows that same adage that we build our platform from. Privacy by Default means that SpringCM—we're putting the highest level of privacy as a default.
Things like what we went through with FedRAMP, we learned that it's usually best practice to provide the highest level of security to meet the requirements below, rather than just meeting the minimum requirement level. That helps us [to] be able to meet a lot of requirements because we are already at that top tier. We don't have to worry about changing architecture to meet a new requirement. We'll take whatever the industry standard is, and we'll find what is the maximum level that we can accomplish with the available technology that's out there today, and try to go to that level. That way, we can satisfy all the rungs below us.
For more information, visit www.springcm.com/gdpr.