General Data Protection Regulation (GDPR)

On May 25, 2018, the EU General Data Protection Regulation (GDPR) will come into force. The GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe and to protect and empower all EU citizens' data privacy.

PerimeterX is committed to the EU regulations and has therefore made full compliance with the EU GDPR its highest priority. Read more on how the PerimeterX Bot Defender product is GDPR compliant.

GDPR FAQ

PerimeterX treats compliance and regulatory directives as its highest priority. All data collected is considered “Anonymous” and can’t lead to identification of an individual.

This means that PerimeterX Bot Defender is GDPR compliant, as no PII is collected, transmitted or saved as part of the detection process except for the IP address.

The IP address is considered an online identifier under the GDPR, yet it can’t be used to identify an individual, because no other data that could lead to the identification of an individual is collected along with it.

Regardless of the above, the IP address is used solely to ensure the proper functioning of the website that PerimeterX Bot Defender protects; this is a legitimate use under Recital 49 of the GDPR.

As PerimeterX values data protection, customers’ web traffic metadata is encrypted in transit and at rest, and protected throughout processing (with access limited according to the ‘least privilege’ and ‘segregation of duties’ principles), regardless of the type of data and whether it is considered PII or not.

All data is anonymous by design and can’t lead to a direct identification of an individual. In addition, all services and vendors used are SOC 1 and SOC 2 compliant, and adhere to the industry standards in terms of data protection and encryption best practices.

As part of its Information Security Policy Program, PerimeterX has included a dedicated section addressing all security requirements, including but not limited to: Security Training, Security Monitoring, Security Controls, Reporting and Violation of Security Guidelines.

Yes. Ongoing internal and external (3rd party) vulnerability scans are part of the standards that PerimeterX has adopted to meet the industry guidelines and best practices, along with additional SDLC standards such as static code analysis, code reviews and advanced deployment tools.

As part of the Information Security Policy Program, PerimeterX has included a dedicated section on Security Training. Security training is mandatory for all employees.

PerimeterX is committed to customers’ data protection regardless of any PII presence. As part of the Information Security Policy Program, a dedicated section addresses all security and data breach guidelines, including the internal and external reporting of any suspected or identified potential data breach immediately upon discovery.

Regional requirements are addressed as part of the PerimeterX Bot Defender platform; regional fencing is enforced upon customer request.

© PerimeterX, Inc. All rights reserved.