At NinjaOne, We Protect Customer Privacy. It’s Just Good Business.

Logos: NinjaOne, HP, Cisco, Apple, IBM, Oracle, SurveyMonkey, Zendesk

When the GDPR became enforceable for any company with either European customers or employees on May 25, it became the source of intense consternation in some C-suites.

Within 24 hours, both Google and Facebook were slapped with lawsuits that threaten over $8 billion in damages.  In April 2018, Harvey Nash and KPMG found that 38% of tech execs worried that they would not be GDPR compliant by the May deadline, and a survey of attendees at Infosecurity Europe conference in August 2018 found that 28% of organizations still did not consider themselves fully compliant.

But for Andre Schindler, NinjaOne’s General Manager for EMEA, fleshing out the company’s privacy and GDPR policies was an opportunity to be transparent with customers.

“The whole idea of GDPR is to help people understand what happens with their data,” Schindler says.  “Don’t hide it in complicated terms, don’t hide it in the end-user license agreement (EULA) somewhere on page 15.  Simply tell them what happens with their data.” 

Schindler retained the services of the respected privacy consultants at TrustArc to assess NinjaOne’s data processes.  Headquartered in San Francisco, TrustArc assists more than 1,000 companies around the world with privacy, compliance and risk management.

In Good Company

Selected tech firms that have retained TrustArc for privacy compliance and risk management

“We wanted to have an independent contractor to look at all of the things we’re doing, and make sure we’re not forgetting anything,” Schindler says.

After obtaining NinjaOne documents and performing interviews with staff, TrustArc identified the types of personalized data that the company accrues, insuring that it was truly necessary to provide service to customers.  TrustArc also confirmed that NinjaOne had robust procedures for European customers to get their data assessed, altered, corrected, or deleted. The review of GDPR procedures also examined the security regime, including physical protections at data centers, the strength of encryption algorithms and firewalls, and network security protocols.

Ultimately, the Ninja GDPR policy boils down to clear disclosure about what the company does with user data, as well as procedures in the event that a European customer wants to review personally-identifiable user data or have it deleted.  This is particularly important for a SaaS company like NinjaOne that relies on prospective customers providing contact info to sign up for demos or for service.

In keeping with GDPR rules, customers actively opt-in before a company can use their data to contact the person.

And, if the person signs up for service, personal data and financial details will be transmitted by TLS encryption and then stored in a data center protected by AES-256 encryption, automated backups, human employees who use two-factor authentication, and fire suppression systems. Ninja also participates in the EU-US Privacy Shield framework, which replaces the previous International Safety Harbor Privacy Principles.

“We keep data very close, and only share where technology requires us to share,” Schindler says.

NinjaOne only integrates with third-party technology partners that have also achieved GDPR-compliance, such as the antivirus tool Webroot or remote access company TeamViewer.  And if an E.U.-based MSP, or an MSP that has customers in Europe, ever wants to see what personally-identifiable NinjaRM has collected, or have that data deleted, the company merely needs to contact the company at [email protected].

“Data privacy is not there to be sold —  nor should it be a new concern just because GDPR came into being,” Schindler says.  “Data privacy and the security of customers must be a fundamental part of any company’s goals.”

Next Steps

Building an efficient and effective IT team requires a centralized solution that acts as your core service deliver tool. NinjaOne enables IT teams to monitor, manage, secure, and support all their devices, wherever they are, without the need for complex on-premises infrastructure.

Learn more about NinjaOne Endpoint Management, check out a live tour, or start your free trial of the NinjaOne platform.

You might also like

Ready to become an IT Ninja?

Learn how NinjaOne can help you simplify IT operations.

×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).