In May 2018, Nuxeo appointed a Data Protection Officer. This person is based in Nuxeo’s Paris office and works closely with the company’s security and legal teams to ensure Nuxeo is in compliance with GDPR requirements. This is how we make sure to remain GDPR compliant at Nuxeo.
Using the Nuxeo Platform can also help you ensure a GDPR compliance in a timely manner.
As required by GDPR, Nuxeo has created a registry of processing activities that indicates for each process: the actors, the business goals that justify personal data being stored, the security measures to guarantee personal data security and integrity, etc.
More specifically, we list all processes linked to:
This is all made available to authorities upon request.
All the individual right requests are tracked in JIRA and linked to our internal GDPR platform. Individuals making a request will receive an email to acknowledge receipt of their request (within 48 hours) and a second email to confirm the request has been completed (within 30 days)
Personal data breaches are handled by the Nuxeo Security team, as part of the Nuxeo Security processes that are in place:
Nuxeo maintains a list of all its subcontractors. In addition to the security questionnaire each subcontractor completes, Nuxeo requests a Data Protection Addendum (also called DPA). It is an agreement between Nuxeo and The subcontractor that states that the subcontractor is compliant with GDPR requirements.
A Nuxeo GDPR awareness course is mandatory for all the Nuxeo employees.
[email protected] to contact the Nuxeo Data Protection Officer.
[email protected] to raise an issue related to data privacy or to exercise individual rights: