Guru takes its privacy obligations seriously under the General Data Protection Regulation (GDPR), which is why we’ve spun up a number of key initiatives to ensure that we process personal information lawfully, fairly, transparently and for its intended nature and purpose.
In our effort to institute privacy by design, we've added a dedicated risk and compliance officer to the management team, who will not only serve as the nominal Data Protection Officer for GDPR matters, but will orchestrate and enforce Guru’s security standards.
As a data processor, we've captured our commitments under new data processing addendum, grounded in GDPR’s mandates and supported in practice by our ongoing Privacy Shield self-certification.
We've instituted a repeatable methodology for data portability and data deletion; when personal information needs to be returned or removed, we’re ready!
While GDPR's May 25th, 2018 mandate is an important company compliance milestone, we nonetheless maintain a security governance program, and will continue to execute our annual SOC 2 audit schedule as well as actively assess our production environment through recurring vulnerability testing.
For more information, visit our Security FAQs or contact us at firstname.lastname@example.org