Since May 25, 2018 (and even beforehand) monday.com has been complying with the GDPR. For those who are not familiar with it, the GDPR is the biggest change in data protection laws in Europe since the 1995 introduction of the European Union (EU) Data Protection Directive. The GDPR aims to strengthen the security and protection of personal data in the EU.
We thought it would be a good time to update you guys with the most frequently asked questions about this new regulation.
Is monday.com GDPR compliant?
Yes. monday.com is compliant to the extent required on or before May 25, 2018 and will continue to comply on an ongoing basis. You can learn more about Monday and GDPR at www.monday.com/terms/gdpr
Where does monday.com host its customer data? (or) Is monday.com able to restrict data hosting and processing within the EU?
monday.com hosts its customer data in Amazon Web Services (AWS) data centers in the US and as for January 2021, in Germany.
Customers who wish to have their data processed within the EU will have the option to specify it as their data region of choice. Once specified, we will create a unique account for that customer. The data connected to that account will be stored in our EU data center in Germany and never backed up or replicated to a server elsewhere.
Please note: only Enterprise customers on the EU Data Region will have their Customer Data solely physically hosted within the EU Data Region. This includes sub-processors that we use to provide certain functionalities in our platform that will store your data in an EU Data Region. To view the sub-processors in use in the EU Data Region, click here.
Additionally, as part of our GDPR compliance, we offer a Data Processing Addendum (“DPA”) in which we commit to protect your data in accordance with the GDPR. You can review monday.com's DPA at www.monday.com/terms/dpa. If you need a signed copy of this DPA, you can download it, send a signed copy to email@example.com and we’ll provide you a countersigned copy.
Does monday.com offer a Data Processing Addendum (DPA)?
Monday.com offers a Data Processing Addendum (“DPA”) in which we commit to protect your data in accordance with the GDPR. You can review monday.com's DPA at www.monday.com/terms/dpa. If you need a signed copy of this DPA, you can download it, send a signed copy to firstname.lastname@example.org and we’ll provide you a countersigned copy
Does monday.com have to have a Data Processing Officer (DPO) appointed?
Yes. monday.com has appointed Privacy veteran Aner Rabinovitz as its Data Protection Officer, for monitoring and advising on monday.com's ongoing Privacy compliance and serving as a point of contact on Privacy matters for data subjects and supervisory authorities. Aner Rabinovitz may be reached at email@example.com
If you have any questions, please reach out to our team right here. We’re available 24/7 and happy to help.