GDPR Compliance with TrueVault

Right to be forgotten

The right to erasure or right to be forgotten grants data subjects the right to have their personal data deleted if they don’t want them processed anymore and when there is no legitimate reason for a data controller to keep it.

Right to be informed

Individuals have the right to be informed about the collection and use of their personal data. This includes your purposes for processing their personal data, your retention periods for that personal data, and who it will be shared with.

Data Portability

Data subjects have a right to receive personal data which concern them and which they have provided to a controller organization in a structured, commonly used and machine-readable format. This way, data can be reasonably transferred to other organizations

Consent

Data subjects have a right to receive personal data which concern them and which they have provided to a controller organization in a structured, commonly used and machine-readable format. This way, data can be reasonably transferred to other organizations.

How is TrueVault Different?

TrueVault is the only product that allows you to comply with personal data regulations without overhauling your entire application and migrating your infrastructure. This makes TrueVault the easiest way to become compliant with data privacy laws, but being compliant isn’t enough to prevent breaches. TrueVault goes further by offering to provide earnest, systemic security that will help you keep your data secure and private. At TrueVault, protecting PII is our priority and our passion. We’ll make you compliant with personal data regulations quickly, and we’ll keep your data secure as your business grows.

Can I write custom code in TrueVault?

TrueVault is designed to complement your existing infrastructure, so you don’t need to write code in TrueVault. By following the de-identification path to compliance, you can write your application in any technology stack you like and run it anywhere you like. As long as you deidentify the data you process on your servers, and store the identifying information securely in TrueVault, you can run your code anywhere you like. Your developers will love the flexibility of using the right tool for the job, and you’ll benefit from better performance at a lower cost.

Will you help me in a security assessment?

Absolutely. One of the advantages of using TrueVault is our platform makes it easy to satisfy security assessments, and our team’s experience helps ensure a smooth approval. Over the years we’ve helped customers through countless third party security assessments. Most assessments follow a common pattern, so we’ve built up a suite of documentation to help auditors and partners easily understand the security advantages of TrueVault. When we run into new questions, we’re happy to help you find the right answers.

Do I have to port my code to run on TrueVault?

Nope! If you have an existing application that you want to make compliant using TrueVault, you can continue running your existing code the way you do today with small tweaks here and there to de-identify your data. If you store all the identifying information securely in TrueVault, then the de-identified data set can be stored and processed anywhere, with no obligation to adhere to the safeguards mandated by HIPAA, GDPR, or any other data privacy regulation.

Why is it better to use TrueVault than compliant-hosting?

Compliant hosting offerings are only able to solve a very narrow slice of Compliance: the physical safeguards. Your hosting provider sees your application as a black box, so they can’t help you build authentication securely, enforce access control, or even keep a complete Audit Log. TrueVault does all of these things out of the box. In addition to our compliant and secure data store, we also handle user authentication and access control, comprehensive and tamper-proof audit logging, as well as protection from advanced threats like ransomware. TrueVault is simultaneously more comprehensive, and more flexible. Because our API is modular, you can pick and choose how deep your integration with TrueVault is and how much of the compliance burden you offload. In some cases, we serve as the only backend for web and mobile applications. In others, we manage users’ identity and their access to sensitive data, but nothing else. Your team can decide how to get the most out of TrueVault, and our onboarding and support teams are here to ensure your integration is tailor fit to your needs.

How much work is it to switch to TrueVault?

If you have an existing application that you want to make compliant using TrueVault, you may be surprised how quick and easy the process is. By following the de-identification path to compliance, you can leave the vast majority of your application untouched. Start using TrueVault to store identifying information, such as names and phone numbers, and leave your non-identifying information as it is. You will need to edit your application source to make this change, but many customers find that it can be done in a matter of days. Of course, this depends on your specific use case. To learn more about what it takes, schedule a free whiteboarding session with the TrueVault team to talk about your specific application.

Did we miss your question?

Send us your question, or ask it on StackOverflow (tag it with 'truevault')