Gartner takes data protection very seriously. Our data protection/GDPR compliance program includes the following:
- GDPR-compliant internal policies and procedures.
- Privacy by design and default: Privacy by design requires organisations to take appropriate measures to integrate the GDPR's data protection principles into their operations whilst taking into account cost, context and risk. Privacy by default requires organisations, as a default position, to take appropriate technical and organisational measures to minimise data usage for each purpose for which it is collected. We’ve identified areas where privacy by design/default is required and have implemented appropriate processes to address privacy by design/default in the product life cycle.
- Processes and controls to protect individual rights: EU residents have a number of rights under the GDPR (including, but not limited to, the following: right of access, right of rectification, right to erasure (“right to be forgotten”), right to restrict processing, and the right to object to processing) that we are obliged to provide. We have reviewed and updated our internal processes to ensure individual rights are respected.
- Updated vendor agreements: We have reviewed our current vendor agreements and have worked/are working with the applicable vendors to implement the necessary updates.
- GDPR Compliance monitoring: We will continue to regularly review and audit the security of our services and our compliance with our GDPR policies and procedures.
- Training: We provide all our associates and applicable contractors regular data protection training which covers applicable data protection requirements, including the GDPR. We have also provided role-specific data protection training for key teams and individuals.
- Maintaining records of processing: As required by GDPR, we are maintaining a record of our processing activities.
If you have any questions about Gartner’s GDPR compliance program, please contact us at firstname.lastname@example.org.