At Scribe, we diligently prepared for the EU General Data Protection Regulation (GDPR) to ensure we meet its requirements and maintain transparency about how we handle data.

An overview of GDPR and Scribe's Preparation

What is GDPR? The GDPR is a comprehensive data protection regulation that became effective on May 25, 2018. It superseded previous EU laws to bolster the protection of "personal data" and individuals' rights. It establishes a unified set of rules governing the processing and monitoring of EU data. Does It Affect Me? Most likely, yes. If you hold or process the data of any individual in the EU, the GDPR applies to you, regardless of whether you're based in the EU. How Scribe Prepared for GDPR Our teams dedicated significant effort to ensure GDPR compliance. This involved a major overhaul of processes and data models to meet our legal responsibilities, serve our customers effectively, and allow for agility and scalability in our product development.

Key steps we took include

Updating our Data Processing Agreements (DPAs) Meeting GDPR's strong data protection expectations was paramount. Our revised data processing agreement outlines our privacy commitments and defines the terms under which Scribe and our customers can achieve GDPR compliance. Customers can request and sign this document as needed. Appointing a Data Protection Officer We designated a Data Protection Officer to guide and oversee our data management practices. You can reach them at [privacy@scribe-mail.com](mailto:privacy@scribe-mail.com). Coordinating with Vendors We conducted a thorough review of our vendors to understand their stance on GDPR and executed Data Processing Agreements with them. Implementing New Security Protocols Security remains a top priority for Scribe. We undergo regular external audits, and penetration tests, and have established a stringent security framework. This framework has met International Compliance standards like SOC2. We also refined our internal access structures to ensure data access is limited to authorized personnel. Achieving Self-certification under GDPR In collaboration with our partner Secureframe, we continuously monitor our infrastructure to ensure persistent GDPR compliance. We've successfully completed all verification tests and provided the necessary evidence of compliance.