GDPR Compliance

WhiteSource is committed to protecting the privacy of its customers and invests efforts in safeguarding customers' personal data by applying industry standard security practices and data management processes.

As a market-leading software security solution, WhiteSource acknowledges the importance of the General Data Protection Regulation (GDPR) enacted by the European Union and has undertaken a series of steps to ensure compliance with its requirements.

A Data Protection Officer (DPO) was appointed to oversee current and future data management and security processes and to ensure they all comply with GDPR where applicable.

A detailed action plan covering GDPR requirements has been established, with many of the warranted processes already in place. WhiteSource is aiming to make the adjustments required by GDPR in both internal and external processes.

The efforts are focused on four main areas:

 

Data Security

WhiteSource implements a comprehensive approach to data security, encompassing advanced authentication, access control and data confidentiality among other things.

WhiteSource utilizes industry standard, production-grade data storage and security solutions and incorporates common security best practices. Data storage is backed up frequently and on a regular basis, with both main storage and backup encrypted at rest and in transit.

In cases where internal operations entail the involvement of sub-processors (e.g., Google Cloud Platform, Salesforce CRM), WhiteSource obtains a signed Data Processing Addendum (DPA) from each sub-processor and verifies compliance with the same data security and privacy standards.

 

Data Management

WhiteSource sets out to establish an organizational data management and usage process that accommodates GDPR requirements, with an emphasis on personal data. As part of this process WhiteSource is implementing new guidelines for data collection, administration, storage and protection.

 

Product Development

At WhiteSource, the product design and development processes include integral review checkpoints for data usage and privacy.

 

Training

The WhiteSource employee training program includes periodic security training sessions, as required by our ISO 27001 certification. WhiteSource is implementing a new training program that is designed to accommodate the adjustments warranted by GDPR requirements and that includes dedicated data management and protection training specific to employees with access to personal data.

 

For any questions concerning GDPR and data management at WhiteSource, please contact dpo@whitesourcesoftware.com.