Wrike takes cybersecurity and data protection very seriously. We’re currently taking steps to ensure we maintain secure and compliant systems for our European customers under GDPR.
The EU General Data Protection Regulation (GDPR) is a new privacy regulation replacing the 1995 EU Data Protection Directive. It will go into effect on May 25, 2018, and introduce additional data privacy rights for individuals, including regulations for how data is collected, used, shared, and secured.
In response, Wrike will continue to:
- Invest in our security infrastructure
- Work with third-party vendors to ensure we have the appropriate contractual terms in place
- Maintain our Privacy Shield self-certifications to support international data transfers
- Create product features with new tools for data portability and data management
We receive the latest GDPR compliance guidance from proper regulatory bodies and will make adjustments as needed. We will keep you up to date on any changes we make.
Learn more about Wrike’s investment in security and privacy, including 2-step verification, automatic backups, file encryption at rest, and other comprehensive security features and practices.
Wrike’s Data Management Tools and Portability Solutions for Customers
In an effort to help our customers be self-compliant with GDPR, here are a few tools that will help in your data requests related to accessing, rectifying, and forgetting personal data:
- Data import and export tools. Wrike customers can access, import, and export their customer data as well as create account backups in a few simple steps.
- Remove user tool. Account admins can delete a user’s personal information upon request.
- Account management. Wrike allows account admins to access and update your team’s plan and settings and manage billing information. Other non-admin users also have the ability to update their profile, change linked email addresses, and customize notifications.
Data Protection Is an Ongoing Priority
Wrike invests in a privacy and security program to protect customers’ data. We believe building a robust privacy and security program is the first step to reinforcing customers’ confidence in how we value, treat, and protect their data.
In October 2016, Wrike announced a new data center in Amsterdam to provide European businesses an option to manage work in the cloud while storing their corporate data in the EU. As more businesses adopt collaboration and cloud tools across Europe, we will continue to invest in our European market as we expand our initiatives internationally.
In April 2017, Wrike became certified under the Swiss-US Privacy Shield Framework. In September 2016, Wrike was among the first companies to be certified under the new EU-US Privacy Shield Framework. The certifications reaffirm Wrike’s commitment to transparency when handling our customers’ personal data, and add data protection requirements for transferring personal data between the European Union and the United States.
Companies based in the US must meet criteria developed by the US and EU to become Privacy Shield certified. These include having a well-defined privacy policy as well as recourse and verification methods.
Our Security Infrastructure and Certifications
Wrike is independently certified with AT 101 SOC 2 (Type II) for Security and Confidentiality principles, confirming Wrike takes appropriate steps to protect its systems’ and customers’ data. In addition, Wrike is a member of the Cloud Security Alliance (CSA), and the result of our Security, Trust & Assurance Registry (STAR) Level One assessment is published on the CSA website.
Wrike hosts our servers in locked cages within data centers located in the US and EU:
-
- Our Trusted Data Center in the US is compliant with SSAE 16 Type II and ISO 27001 standard, and is located in San Jose, California.
- Wrike's European Data Center is hosted in Amsterdam, Netherlands, and is also compliant with ISO 27001 and ISAE 3402 standards (equivalent to SSAE 16). This data center is isolated and retains customer and sensitive data within the EU only.
- All server and network components are constantly monitored by internal Wrike staff and our colocation providers. Wrike's Disaster Recovery infrastructure resides in Google Cloud Platform for both US and EU regions, having great scalability and security with SSAE16 / ISAE 3402 Type II, ISO 27001, FedRAMP, PCI DSS, HIPAA, and other certifications.
Learn more about our enterprise-grade security here.
Protecting the privacy and security of our customers’ information is a top priority, and compliance is essential to this mission. We’ll continue to notify you as we evolve our procedures and policies to fit within the changing regulatory landscape.
Have a question that we didn’t address? Feel free to email us at [email protected].