Over the last year, the European Union has passed additional regulations regarding the transfer and protection of EU personal data. The EU General Data Protection Regulation (GDPR) (2016/679) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU), including addressing the export of personal data outside the EU. The primary objectives of the GDPR are to protect citizens' personal data and simplify the regulatory environment for international business by unifying the regulation within the EU.
For over 18 years, Cvent has been committed to protecting the privacy and security of customer and attendee information, including processes and safeguards relevant to personal data. Cvent has implemented a very robust set of policies, procedures, and protocols in order to ensure that your and your clients' data remain safe and confidential, including using industry leading 256-bit encryption to secure all client data, both at rest and in transit, using two-factor authentication, and more. Cvent has demonstrated compliance with rigorous third-party security frameworks and standards including ISO 27001:2013, PCI DSS Level 1 and SSAE18 SOC 1 Type II. We will continue to seek additional certifications and accreditations that are important to our customers.
Another way we protect our clients, is by entering into Data Processing Agreements/Model Clauses with each of clients and sub-processors. These agreements permit our clients to continue to transfer data to Cvent without disruption and binds our sub-processors to data processing best practices. We have already implemented a new Data Processing Agreement that satisfies the GDPR requirements.
Cvent welcomes the new, robust requirements for data protection, security, and compliance that the EU-US Privacy Shield framework and EU GDPR brings.
We have closely analyzed the requirements of the Privacy Shield and GDPR and are working with recognized global data privacy experts and legal counsel to renew our processes, supplement our products, and update our contracts and documentation, all in an effort to support Cvent and you with the Privacy Shield and GDPR compliance. Utilizing Cvent's size and scale, we have deployed our nearly 1,000-member tech team, with more than a dozen directly involved in information security, to deliver the Privacy Shield and GDPR compliant infrastructure on time, while continuing to meet our customer's needs. On October 31, 2017, the US Department of Commerce approved Cvent’s Privacy Shield certifications. Cvent worked with TRUSTe to review and verify compliance with the EU-US and the Swiss-US Privacy Shield frameworks.
Further, Cvent will comply with the GDPR when it becomes enforceable on May 25, 2018. As we pursue compliance with the GDPR, Cvent will advise customers via established relationship and support channels of any significant changes to our products and services that may be relevant to them or impact the customer experience.
If you have any questions concerning Cvent's Privacy Shield and/or GDPR compliance efforts, please contact your Cvent account representative or:
Cvent Privacy Representative
1765 Greensboro Station Place, 7th Floor
Tysons Corner, Virginia 22102