Asana and the GDPR: our commitment to you

Here at Asana, we’re committed to protecting your data and respecting your privacy. The General Data Protection Regulation (“GDPR”), a new regulation designed to protect the individual privacy rights of EU residents, will come into effect on May 25, 2018, and we want to share what we’re doing to become GDPR-ready.

When the GDPR comes into effect, most organizations that collect, maintain, or process EU residents’ personal data (regardless of the organization’s global location) will be required to implement certain procedures and safeguards for that data. In preparation, Asana has established a comprehensive and ongoing compliance program and is committed to partnering with its customers and vendors to help them in their GDPR compliance efforts.

At Asana, we strive for transparency with our customers and partners. In that spirit, we want to share a few examples of what Asana has in place to prepare for the GDPR and how customers can partner with us to support their GDPR compliance initiatives:

  • International Data Transfers: The GDPR requires organizations to use a recognized legal mechanism to transfer data from the EU to other countries that do not have a similar data protection framework. While Asana has already complied with this requirement through its certification under the EU-US Privacy Shield framework, we also offer EU Model Contractual Clauses.
  • Security: We’ve implemented a number of technical and organizational safeguards designed to protect the security and integrity of your data. For example, we encrypt web connections to protect data transmissions and use industry-standard OTP technology to further secure access to our corporate infrastructure.
  • Data Access, Management, and Portability Tools: Asana customers who are data controllers can easily access and manage their team members’ data. Specifically, these customers not only are able to directly access, update, modify, and delete data within the Asana platform, but they also have the ability to export Organization member and guest information.
  • Documentation: Asana shares the GDPR’s commitment to transparency, fairness, and accountability which is why Asana’s GDPR-readiness program requires documentation about our data collection and processing activities, and the various policies and guidelines we follow.

Interested in learning more about Asana’s security strategy and how we are preparing for the GDPR? Check out our Statement on Security, where we provide an in-depth overview on our approach to security and GDPR-readiness.

Would you recommend this article? Yes / No