Security and data protection has been a priority for us since we started as a company. In 2020, we already achieved several major milestones with our continuous compliance efforts in relation to the General Data Protection Regulation (GDPR).
SkyKick’s EMEA HQ operations out of Amsterdam, the Netherlands was awarded the Data Pro Code Certified status in November of 2020. It is the first Code of Conduct in the Netherlands that is intended to help companies in the digital sector to meet the obligations of the GDPR and is independently audited for a processor’s compliance with the GDPR.
As a further benefit to our partners (SkyKick Partners) and end-customers (SkyKick End-Customers), we have implemented additional security and data protection safeguards and commitments. These additional safeguards and commitments reflect the recommendations of the European Data Protection Board (EDPB) [1] for addressing the decision of the EU’s Court of Justice in the Schrems II case [2] .
Our additional safeguards and commitments
- First, we are continuously improving transparency with respect to how we protect data and comply with our privacy obligations. Please see our updated Customer Terms and Conditions and Data Processing Addendum for more detail about how we protect the data of SkyKick Partners and SkyKick End-Customers.
- Second, following the example which Microsoft has set for the industry, we are committed to review the legality of access requests and to challenge every government access request where there is a lawful basis for doing so. This strong commitment, included in SkyKick Customer Terms and Conditions, goes beyond the recommendations of the EDPB.
- Third, we introduced additional organizational and technical safeguards to provide SkyKick Partners and SkyKick End-Customers with the solution to their data sovereignty challenges.
Next phase – further investments in the Data Pro+ Certified Status
With these clear commitments and contractual, technical and organizational safeguards, we have now committed to the next phase of the Data Pro Code certification process and will certify against the Data Pro+ certification standard, which reflects the growth of SkyKick in the EMEA region.
During the remainder of 2021, SkyKick’s EMEA operations will continue to implement their fully integrated audit approach for both GDPR and ISO27001 compliance, further partnering with the Data Pro Foundation, the Dutch Data Protection Authority, DNV and other industry leaders in the Data Protection sector.
Upon achieving the Data Pro+ Certificate, we will continue with the further global rollout of these safeguards and compliance efforts in relation to all relevant global data privacy regulations.
Because we have taken all the necessary additional technical, contractual and organizational measures to provide the additional safeguards required under the Schrems II ruling, SkyKick Partners and SkyKick End-Customers in the EU/EEA, UK and Switzerland enjoy an immediate advantage in meeting their own respective compliance obligations under the applicable data protection laws.
SkyKick’s data privacy team can be reached at dataprivacy@skykick.com for any data privacy inquiries, GDPR questions and further information about its continuous compliance efforts.
***
[1] Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data, and the EDPB Recommendations 02/2020 on the European Essential Guarantees for surveillance measures.
[2] Judgement of the Court (Grand Chamber) 16 July 2020 in Case C-311/18, ECLI:EU:C:2020:559.