Compliance

Fortress holds dual-standard SSAE 16 and ISAE 3402 Service Organization Control (SOC) 1 Type II, SOC 2 Type II, and SOC 3 reports covering each of Fortress’s data centers, including operations, policies and procedures, and physical and environmental security controls. Fortress also has facility-specific PCI and HIPAA compliance reports covering its physical security and information security policies. Fortress enables businesses in the Financial, Healthcare and Federal industries to become compliant with the regulatory requirements of the PCI DSS, HIPAA, FISMA, NIST 800-53 and ITAR standards. Additionally, Fortress annually registers its adherence to the US-EU Safe Harbor Privacy framework.


Welcome to the Fortress GDPR guidance center

This guidance center aims to offer helpful insight and practical steps for organizations as they prepare for compliance with the General Data Protection Regulation, otherwise known as the GDPR, by May 25, 2018.

Of course, every organization’s journey to GDPR compliance is different. It depends on, among other factors, company size, the types and amount of data it processes, and its current security and privacy measures.

What is the GDPR?

The General Data Protection Regulation (GDPR) is a European Union regulation that establishes a new framework for handling and protecting the personal data of EU-based residents. It comes into effect on May 25, 2018.

Personal data plays a huge part in society and the economy. It is essential that people have—and know they have—control and clarity over how their data is used and protected by any organization they interact with, and that organizations are given clear guidelines for protecting the personal data they hold.

One of the aims of the GDPR is to harmonize and bring data privacy laws across Europe up to speed with the rapid technological change in the past two decades. It builds upon the current legal framework in the European Union, including the EU Data Protection Directive in existence since 1995.


Getting ready for the GDPR

Organizations established in the EU and processing personal data of EU-based individuals will, in almost all cases, be required to comply with the GDPR by May 25, 2018. The GDPR updates and harmonizes the framework for processing personal data in the European Union, and brings with it new obligations for organizations and new rights for individuals. Many organizations, large and small, are now preparing for the new regulation.

Dropbox has many years’ experience earning our users’ trust. Dropbox Business is certified compliant with the most widely accepted security and privacy standards and regulations in the world, such as ISO 27001/2, ISO 27018/17 and SOC 2. Our cross-functional team of data protection specialists has put together a series of insights and resources to help you on your road to GDPR compliance.