Understanding GDPR

The General Data Protection Regulation (GDPR) came into effect this year and, like many organizations, you’ve probably conducted an internal GDPR audit to assess both your internal processes and the compliance of your key suppliers.

Huddle has a long history in security, and we work hard to build trusted relationships with our clients. Not only were we one of the first cloud collaboration providers to achieve government accreditation in both the UK and the U.S., but we continue to invest in meeting the requirements of many of the industry’s most widely recognized security standards including ISO 27001:2013, CyberEssentials Plus and FedRAMP.

Huddle has been fully compliant with the GDPR since 25th May 2018.


Data Controller vs Data Processor

Because you own the data, you, the client, are the data controller. This means you will have certain obligations to meet under GDPR, for example in how you use personal data stored in Huddle across your wider business operations. Personal data may include your customers’ information being stored in Huddle, or personal information contained within Huddle user profiles.

As your trusted cloud collaboration solution, Huddle is a data processor. We have an obligation to store your data securely, and to provide a service that allows you to comply with the GDPR, for example by providing the ability to respond to requests from data subjects to correct or delete personal data.

Huddle Responsibilities

Whether you are using Huddle to store customer information, or you want to ensure your own employee (Huddle user) data is protected, Huddle supports GDPR compliance in the following ways.

  • Encryption: Huddle protects all data in transit with the TLS 1.2 protocol, which utilizes strong ciphers capable of up to 256 bits. Customers’ file content can be protected by 256-bit AES encryption at rest.

  • A resilient service: Our services are architected for multiple levels of redundancy. This allows for multiple service failures while still being able to provide a service to clients. Huddle service availability is continuously monitored by third-party partners.

  • Breach Communications: In the event that data is breached while it resides in Huddle, we ensure that affected individuals and relevant supervisory authorities are notified within 72 hours of a breach being detected.

  • Administrative rights: The Huddle service provides a rich permissions model and strong access controls. Our administrative functionality provides customers with a simple means for the amendment and removal of users’ profile information.

  • Auditability: Huddle services are built to allow user and data activity actions to be time-stamped and logged. This allows client administrators to quickly report against data activity should an audit (or request for data erasure) be required.

  • Validated suppliers: We validate all third-party suppliers, including our hosting partners, to ensure they too will comply with the GDPR.

  • Documented Privacy Statement: It’s important that users are confident in using Huddle. Our Privacy Policy is written to be clear and simple to understand. It can be read here.

Client Responsibilities

The GDPR sets out to harmonize data privacy laws for EU residents. As the data controller, you are responsible for meeting obligations surrounding the capture, use and management of an individual’s personal data. This may include your customers’ information and information relating to your own employees.

When using Huddle, there are several features that you can take advantage of to further protect yourself.

  • Session time-outs: Huddle can be configured to log out users after a set period of inactivity. Use this feature to address confidentiality concerns about your data. When enabled, this setting is applied automatically across all of your users.

  • Two-factor Authentication (2FA): Huddle supports 2FA. When activated, users will be sent a six-digit verification code via SMS to their registered mobile device during login. Use this to add an additional layer of identity verification for your Huddle users. Learn more.

  • Mobile Passcodes: If your users use the Huddle mobile app, set an additional layer of security by enabling the mobile passcode feature. With the feature enabled, every time the app is opened, users will be required to enter a four-digit passcode. Learn more. 

  • Single Sign-On: Huddle supports SSO. When enabled on your account, users will be able to log in via your existing identity provider. Learn more. 

Ongoing Commitment

Huddle has formed a cross-functional GDPR compliance team. The team is responsible for ensuring all aspects of Huddle's operations meet the requirements of GDPR, from how we manage our own data, to auditing suppliers, and building features that support our clients' GDPR requirements.

If you have any further questions, please read our security whitepaper, or visit our privacy policy.