Become GDPR compliant with monday.com
It is completely valid to feel overwhelmed by the General Data Protection Regulation (GDPR), and navigating the laws can be confusing for most of us.
Several of our clients who collect and process personal data have their data stored on US servers by default. This is not an issue as long as your company does business with countries that don’t fall under the European Union (EU) umbrella. The chances of this scenario are very slim, considering that nowadays everything is done online and most business is conducted via the internet.
It may seem like there are no borders online, and that is true to some extent. However, as soon as your company starts collecting and storing personal data from EU citizens, you must comply with the EU’s General Data Protection Regulation (GDPR). These regulations are not limited to EU organizations but apply to all companies that collect and store personal data from EU citizens. GDPR is enforced internationally by the Information Commissioner’s Office (ICO), and your company could be held accountable if it does not follow the regulations.
But we have good news! As of January 2021, monday.com offers its enterprise customers the ability to have their data stored and processed on Amazon servers located in Frankfurt, Germany.
And our consultants at Omnitas are experts at navigating and implementing sought-after features on monday.com. Book a consultation with Omnitas now to start optimizing your workflow!
Why Bother with GDPR?
You may be wondering what difference it makes which servers your data is stored on. The EU has the toughest privacy and security standards compared to the rest of the world, so if a company is established in the EU, or is outside of the EU but offers goods or services to individuals in the EU, it must comply with the set of regulations.
GDPR came into effect on May 25th, 2018, and a business that fails to comply with the regulations risks a hefty fine of up to €20 million or 4% of its annual worldwide turnover.
Benefits of Storing Data in the EU Servers
For the longest time, the default data region on monday.com has been the US. With the monday.com enterprise plan, your customer data may be stored in their EU data center and will not be backed up or replicated anywhere else.
As a security measure, monday.com doesn’t allow data to flow freely between the two systems. This is why you can’t simply transfer your data: a new account has to be created, and you then have to replicate the data that already exists on your current servers.
Servers Within the EU
monday.com’s headquarters are located in Israel, which has been certified by the EU as having adequate data protection regulation.
By the European Union’s standards, any business operating with EU citizens’ personal data must know what data is being collected and where it is being stored.
According to the GDPR, all data gathered on EU citizens must be either stored in the EU, where it will be subject to European privacy regulations, or in a jurisdiction with comparable levels of data protection. There are of course exceptions to the rule, which means that you could use the non-EU servers. However, you would have to go through strenuous administrative processes and security assessments, which is why we at Omnitas recommend using the EU servers to skip the avoidable headache.
monday.com’s US and EU servers are both provided through Amazon Web Services (AWS), which has high security and is exceptionally reliable. The only differences are where the data is physically stored and which sub-processors are being used. On top of the existing security of AWS, monday.com adds its own layers of security to ensure maximum security of your data.
Multiple Layers of Security
Managing the personal data of 100,000 plus organizations around the world requires rigorous security measures. monday.com employs several layers of security in its infrastructure.
From being able to restrict IP addresses to the complete encryption of all data, monday.com has ensured that you can choose who will view your data every step of the way.
monday.com has annual penetration tests carried out by a third-party examiner in order to obtain its SOC 2 Type II audit and ISO certifications.
The audit log is another fantastic feature that allows the admin to obtain a detailed report of all account-related activities. And if any of the team’s login credentials get compromised, there is a “Panic button” available. In case of emergency, all users will be temporarily locked out until the admin contacts monday.com’s Customer Success team, where the situation will be investigated, and further instructions will be given to unblock the account step by step.
Give Permission to the Right People
monday.com’s enterprise plan allows you to set your desired permissions on every level of your workflow. From the overall account down to the workspace and even to each column, you can set the permissions so only the people who have been given access can see the information.
Through permissions, you can also decide which users have the right to integrate into the platform, export information, etc.
Thinking of Migrating Your monday.com Account?
Are you perhaps one of the several existing customers who are looking to transfer their account from the US to the EU servers?
monday.com doesn’t currently offer an automatic process, which means that you must create an entirely new account on the EU servers and replicate all the existing data.
This is where Omnitas comes into play!
We have created a technical solution with the use of APIs that helps you with this process. Our experts will assist you in the migration and implementation process by studying your already existing structure.
Book a meeting with us now, so we can get you started ASAP!