Duda has taken the following actions to ensure we are fully compliant with GDPR (General Data Protection Regulation):
- Regarding DPF, we will be carefully examining the implications of certification, and will update you as and when Duda is DPF certified. We are also tracking the status of our vendors. In the meantime, all transfers of data to Duda in the US are secured by Standard Contractual Clauses, in connection with which we have completed a Transfer Risk Assessment which documents the legality of such transfer. The new DPF empowers the US Civil Liberties Protection Officer and the Data Protection Review Court (DPRC) to review cases of data transferred based on SCCs too; such that the regulatory profile of Duda's transfers is even stronger now that the DPF has been agreed.
- We have conducted a security audit to make sure all of our security measures and protocols are fully GDPR-compliant.
- Duda’s organizational policies, especially our data security and data privacy policies, cover what is required by the GDPR. Our staff is fully aware of the need for strong data security and privacy practices across the entire company. This is an ongoing process and we see it as a key factor to our success in this project.
- Duda is documenting and developing all operational procedures required to support an individual’s right to review any of their private data that we store, the right to be forgotten, etc.
- We have updated all our data processing agreements in light of GDPR requirements.
- The broader topic of data security is a long-term commitment rather than a one-off project. Duda remains committed to data security and privacy and we will ensure that our customers are protected in an ever-changing landscape of regulation and real-world threats.
To Submit a Request
To submit GDPR requests, see How to Contact Support.