The European Union’s (EU) General Data Protection Regulation (GDPR) protects the personal data of EU residents by mandating standards for processing, using, and storing their data. For the last several years, Esri has taken steps to update our products, policies, and processes to ensure privacy and security are further built into our products as part of our commitment to complying with GDPR. While GDPR targets EU residents, all of our customers “win” as we have implemented improvements across our customer-base, independent of location.
CONSENT – If you’ve been browsing Esri webpages lately, you have likely come across our new cookie consent banner at the bottom of a page which allows you to opt-in to Targeting cookies. For our products and services, we avoid utilization of Targeting cookies as described in our Products & Services Privacy Statement Supplement. It is important to realize that while cookie consent is one of the more visible changes, it is only a very small slice of GDPR.
COMPLIANCE – Esri is Privacy Shield certified and ArcGIS Online currently has a FISMA authorization in place, soon to be FedRAMP authorized. ArcGIS Online customers will appreciate that new organizations have their data encrypted at rest and encrypted in transit by default. We are working to ensure existing organization datasets are encrypted at rest this year and will provide an announcement when that effort is complete.
GUIDANCE – We will be releasing an ArcGIS platform GDPR/Privacy Best Practices Whitepaper very soon, and even an ArcGIS Online Security Best Practices validation tool. For organizations planning to use ArcGIS Online with EU personal data, we have a Data Processing Addendum readily available – which you can readily find in the ArcGIS Trust Center document repository by filtering to Privacy related items. I could go on, but figured it was worth highlighting some of our improvements and where we are headed, including helping our customers with their GDPR demands. As always, we welcome your feedback concerning our security & privacy efforts – SecureSoftware@Esri.com
– Esri Security Standards & Architecture Team