General Data Protection Regulation (GDPR)
On May 25, 2018, the General Data Protection Regulation (GDPR) comes into force. The EU GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe and to protect and empower the data privacy of all EU citizens.
PerimeterX is committed to the EU regulations and has therefore made full compliance with the EU GDPR its highest priority. Read more on how the PerimeterX Bot Defender product is GDPR compliant.
Read our GDPR FAQs
What processes do you have in place to achieve GDPR compliance in time for the deadline?
PerimeterX considers compliance and regulatory directives at the highest priority. All data collected is considered “Anonymous” and can’t lead to identification of an individual.
This means that PerimeterX Bot Defender is GDPR compliant, as no PII other than the IP address is collected, transmitted or saved as part of the detection process.
The IP address is considered an online identifier under the GDPR, yet it can’t be used to identify an individual, as no other data that could lead to the identification of an individual is collected along with it.
Regardless of the above, the IP address is used solely to ensure the proper functioning of the website that PerimeterX Bot Defender protects, and for no other purpose - this is a legitimate use under Recital 49 of the GDPR.
What are your data protection policies for customer data?
As PerimeterX values data protection, customers’ web traffic meta-data is encrypted in-transit and at-rest, and protected throughout the processing (with limited access on ‘least privilege’ and ‘segregation of duties’ principles) regardless of the type of data, and whether it is considered PII or not.
What processes and methods are you using to properly anonymize and encrypt personal data?
All data is anonymous by design and can’t lead to a direct identification of an individual. In addition, all services and vendors used are SOC 1 and SOC 2 compliant, and adhere to the industry standards in terms of data protection and encryption best practices.
What internal processes do you have for taking action in the event of a security violation?
As part of its Information Security Policy Program, PerimeterX has included a dedicated section addressing all security requirements, including but not limited to: Security Training, Security Monitoring, Security Controls, Reporting, and Violation of Security Guidelines.
Do your systems undergo regular penetration testing? How often do you run vulnerability scans?
Yes. Ongoing internal and external (third-party) vulnerability scans are part of the standards that PerimeterX has adopted to meet industry guidelines and best practices, along with additional SDLC standards such as static code analysis, code reviews and advanced deployment tools.
What are the data privacy and security trainings employees receive, and how often?
As part of the Information Security Policy Program, PerimeterX has included a dedicated section on Security Training. Quarterly Security training is mandatory for all employees.
What data breach protection and protocols do you have? How do you detect data breaches? How do you disclose if a breach occurred?
PerimeterX is committed to protecting customers’ data regardless of whether any PII is present. As part of the Information Security Policy Program, a dedicated section addresses all security and data breach guidelines, including the internal and external reporting of any suspected or identified potential data breach immediately upon discovery.
How are you keeping my data from being stored outside of my designated country?
Regional requirements are addressed as part of the PerimeterX Bot Defender platform - regional fencing is enforced upon customer request.