Palo Alto Software’s Plans for GDPR Compliance

Posted May 24, 2018 By Noah Parsons

Data privacy and security have always been top priorities for Palo Alto Software. As we have built our small business software tools, maintaining user privacy has continually been a key part of our product development, marketing, and company culture.

As you’ve probably heard, the EU recently enacted the General Data Protection Regulation (GDPR). This new regulation gives EU citizens additional rights and protections to ensure that their personal data is protected, secure, and theirs to control.

We believe that the regulations that come with the GDPR are a good thing. The more that end-users have control over their own data, the better off both businesses and users will be. GDPR also gives us an opportunity to re-evaluate and strengthen our commitment to user privacy and security. And, we’re making sure that we will be compliant by the May 25th deadline.

How we’re complying with GDPR

Palo Alto Software makes several subscription software products and also manages several websites. Our GDPR activities will cover all of our products, including LivePlan, Outpost, and Email Center Pro. We are also ensuring that any data we collect through our websites is secure, private, and that users have complete control over it. This includes sites such as Bplans, Mplans, PaloAlto, and other sites that we own and operate.

By May 25th, we will have updated the following policies, completed data and security audits, and made the required changes to our products.

Policy updates:

Terms of Service: All of our products will have an updated Terms of Service which will include a new Data Processing Agreement (DPA) with Model Clauses, as well as a list of the service providers (sub-processors) that we use to help us deliver our products and services to you.
Privacy Policy: Our Privacy Policy will be updated to explicitly explain how we use your personal data and how you can control it.
Cookie Policy: We’re creating a cookie policy that explains how we use cookies. If you’re in the EU, you’ll also be presented with a banner on our websites that will allow you to opt-in or opt-out of cookie usage.
Privacy Shield: We are also completing our EU-US Privacy Shield certification for international data transfers. This is part of our privacy policy.

Data and security audits:

Comprehensive Data Audit: We’ve completed an audit of the data we collect from our users, how we use it, and how we store it to ensure that all data is collected securely, only used for the purposes that users have allowed us to use it, and that we purge data we are no longer using.
Security Audit: We have set up regular security scans to automatically scan all of our websites and products to ensure that they are safe and secure. In addition, we have reviewed annual penetration tests to ensure that all vulnerabilities are closed and have planned additional, ongoing penetration tests to ensure that our products continue to be secure. We are PCI compliant and all of our vendors also follow secure practices.
Employee Training: We have completed GDPR training with all employees and will continue to do regular training for security and privacy, as well as require all new employees to go through the same training.

Product updates:

Data Access, Portability, and Deletion: We’ve ensured that we can access, modify, and delete all personal data should you request your data.
Data Security: We’ve audited our products to ensure that all data is collected and stored securely.

Palo Alto Software is committed to your privacy and security. We can promise that we will never, ever, sell or rent your personal information to anyone. We want you to know that you can trust us with your small business information and be confident that you can grow your business using our products. We actually use our own products to run our business, so it’s just as critical to us as it is to you that our products are safe and secure.

If you have any questions, please feel free to contact us.