FME Takes Privacy Seriously

The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in two decades. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.

The FME cloud platform is committed to compliance with applicable GDPR regulations as a data processor. We are fully committed to enable, and assist in any way, our clients, the data controllers, with complete control of their private data, in order for them to meet their GDPR obligations.

Ongoing Status
We have addressed GDPR data protection requirements that are applicable to data processors and will continue to be vigilant, to ensure we handle any developing requirements.

Data processing
Our ability to fulfill our commitments as a data processor to our clients, the data controllers, is a part of our compliance with GDPR where data controllers are using FME to process personal data.  FME will continue to ensure we’re doing the maximum to protect data and improve our processes and procedures.

Controls
We regularly review our Information Security Policy and related work plans to ensure that they take into account all requirements, confirming we’re fulfilling our obligations to GDPR as a data processor.

Our clients depend on us to protect their data. Only a limited number of roles within FME are authorized to access client data and then only when necessary, according to strict guidelines and documented actions. We implement information security best practices including end to end encryption for data transfer.

Data Protection
In keeping with GDPR, appropriate measures are assessed in terms of a variety of factors including the sensitivity of the data, the risks to individuals associated with any security breach, state of the art technologies, and the nature of the processing. These measures include data anonymization and encryption. Regular testing of the effectiveness of all security measures is an ongoing process.

Third-Party Processors
FME’s cloud platform runs on Amazon Web Services. The European Union (EU) data protection authorities known as the Article 29 Working Party has approved the AWS Data Processing Agreement (DPA), assuring customers that it meets the high standards of EU data protection laws.