On May 25, 2018, the General Data Protection Regulation (GDPR), the EU's most in-depth privacy law in years, is in effect. The following document will give insight as to how Voyant is achieving complete GDPR compliance.

The GDPR will strengthen and standardize user data privacy across the EU nations, requiring new or additional obligations on all organizations that handle EU citizens' personal data, regardless of where the organizations themselves are located. On this page, we'll explain our methods and plans to achieve GDPR compliance.

• Preparation
• Security Infrastructure Standards and Certification
• Internal Data Transfers
• Data Portability Solutions and Management Tools
• Keeping Updated

Preparation

Our team has worked thoroughly to bring Voyant's product offerings and contractual commitments in-line with the GDPR's requirements. Customers will be able prepare themselves prior to May 25, 2018. Measures to achieve compliance include:

• Continuing to prioritize and invest in our security infrastructure
• Ensuring we have the appropriate contractual terms in place
• Guaranteeing we can continue to support international data transfers by maintaining our Privacy Shield self-certifications, and by executing Standard Contractual Clauses through our updated Data Processing Addendum
• Product offerings, including new tools for data portability and data management

We will continue to track the guidance around GDPR compliance from privacy-related regulatory bodies, altering our plans respective to potential changes. We'll provide our customers with regular updates to keep them informed.

Our Security Infrastructure and Certifications

Protecting our customers' information and their clients' privacy is of paramount importance to us. As a cloud-based company entrusted with some of our customers' most valuable financial data, we set high security standards.

Voyant has worked to create a strong security team that can handle issues from threat detection to building new tools and a variety of other issues in between. Voyant will continue to meet its obligations and offer contractual assurances in accordance with GDPR requirements around security incident notifications.

International Data Transfers: Privacy Shield and Contractual Terms

In general, we do not transfer any data to the US, and are taking steps to never transfer EU/UK data to our US office workstations or servers.

Data Portability Solutions and Data Management Tools

Compliance-related tools Voyant has built include the following:

• Import and export tools. Businesses and organizations may access, import, and export their Customer Data.
• Client deletion tool, which helps advisers respond to user requests to delete client records.

Stay Updated

We're happy to help you prepare for all the changes the GDPR brings. This page will be changed to reflect GDPR-related information as it becomes available. If you have any questions about how Voyant can help you with compliance, please don't hesitate to reach out to us.