Improve data privacy and GDPR compliance for your organization

What is GDPR? Key Facts

The EU’s General Data Protection Regulation (GDPR) intends to standardize data protection legislation across the European Union (EU) and update current data protection laws.

Ed Brown of ThreatDown Legal explains the basics of GDPR.

GDPR applies to the European Economic Area (European Union states, as well as Iceland, Liechtenstein and Norway).

This impacts every entity that holds or uses European personal data both inside and outside of Europe. [1]

GDPR is based on the principle of good data governance. To achieve data privacy, organizations require ‘privacy by design’, ‘privacy by default’, and ‘accountability’.

Without undue delay and, where feasible, not later than 72 hours after having become aware of it. [2]

The law imposes stricter fines on companies mismanaging personal data or failing to appropriately protect it.

Any person who has suffered material or immaterial damage as a result of an infringement of the regulation shall have the right to receive compensation from the controller or processor for the damage suffered. [3]

GDPR mandates that organizations, including large enterprises, small and medium businesses (SMBs), and even sole proprietors, reassess their data processing controls and implement a plan to achieve compliance.

GDPR took effect on May 25th, 2018.
You can read more at https://www.eugdpr.org/eugdpr.org.html

ThreatDown believes that everyone has the right to a malware-free existence.
Similarly, at the heart of GDPR is the belief that privacy is a fundamental right.

Complying with GDPR

GDPR compliance involves many stakeholders across the organization. The Data Protection Officer (DPO), a new role imposed by GDPR, is required to work closely with all stakeholders. No single technology or process will deliver compliance across the three regulation pillars – legal and compliance, technology, and data. Learn more about how to prepare for GDPR and better protect your organization’s data.

GDPR FAQs

What is the GDPR?

The GDPR is a regulation intended to standardize data protection legislation across the European Union (EU) and update current data protection laws. GDPR is based on the principle of good data governance. To achieve data privacy, organizations require ‘privacy by design’, ‘privacy by default’, and ‘accountability’. GDPR took effect on May 25th, 2018, and as a result, organizations, including ThreatDown, have reassessed their data processing controls and implemented a plan to achieve compliance.

How often do you anticipate updating your Privacy Policy?

We will update our Privacy Policy as necessary to ensure that our policies are in line with international regulations and with our product and business practices.

When does ThreatDown collect my information and what is collected?

We may collect your information: (1) when you license and use our software (“Software Collection”); (2) when you interact with certain portions of our website, such as our forums, blogs, and support center (“Website Collection”); and (3) when you communicate with us by email, chat, or otherwise (“Dialogue Collection”). More detail about what is included in Software, Website and Dialogue Collection can be found in the corresponding sections of our Privacy Policy.

Does ThreatDown sell information to third parties?

No.

Can I opt out of sharing information with ThreatDown?

Yes, you may opt out of submitting certain types of personal information to ThreatDown, which may include usage and threat statistics. You can find information about the opt-out process in the “Choice” section of our Privacy Policy.

How do I modify or delete my personal information?

You may access, modify or delete (subject to applicable law) the personal information associated with your use of our services at any time by updating your “My Account” information: navigate to my.malwarebytes.com, sign into your account and update your personal information. Alternatively, you may contact us at privacy@malwarebytes.com.

How long does ThreatDown keep my information?

We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements. Because these needs can vary for different data types in the context of different products or services, actual retention periods can vary significantly.

How is personal information secured on ThreatDown’s servers?

We take commercially reasonable measures to protect personal information from unauthorized access, use, and disclosure. However, no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we can’t guarantee the absolute security of your personal information, but we do what we reasonably can to protect it.

Is ThreatDown using cookies or pixels to gather information?

Yes, ThreatDown and its partners collect information through “cookies” and other similar tracking technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. Cookies are text files saved by your browser when you log into our software or services. We may use both session cookies and persistent cookies to identify that you have logged in, to tell us how and when you interact with our software or services, and to check aggregate usage and web traffic. Unlike persistent cookies, session cookies are deleted when you log off and close your browser. If you prefer, you can always change your browser options to stop accepting cookies or to prompt you before accepting cookies. However, if you do not accept cookies you may not be able to access the entirety of our software and services.

What safeguards are in place for children who have access to ThreatDown products?

Our services are not directed to children under eighteen, and we do not knowingly collect personal information from children under thirteen. If we learn that we have collected personal information of a child under thirteen we will delete such information from our files as soon as possible, provided, however, that some information may remain in archived/backup copies for our records or as otherwise required by law.

How do I request to put in place a data processing addendum with ThreatDown?

As of May 25, 2018, our ThreatDown Software User License Agreement includes processing terms that address the GDPR’s contract requirements and therefore you will not need to put in place a separate data processing addendum.

How can I contact ThreatDown if I have questions regarding the ThreatDown Privacy Policy?

If you have any questions, please send us an email at privacy@malwarebytes.com.

Sources

[1] https://www.pwc.com/jg/en/issues/changing-how-you-manage-personal-data.html
[2] http://www.privacy-regulation.eu/en/article-33-notification-of-a-personal-data-breach-to-the-supervisory-authority-GDPR.htm
[3] http://www.privacy-regulation.eu/en/article-82-right-to-compensation-and-liability-GDPR.htm