GDPR Compliance

TestCraft is committed to protecting the privacy of its customers and invests effort in safeguarding customers’ personal data by applying industry-standard security practices and data management processes.

TestCraft acknowledges the importance of the General Data Protection Regulation (GDPR) enacted by the European Union and has undertaken a series of steps to ensure compliance with its requirements.

A Data Protection Officer (DPO) was appointed to oversee current and future data management and security processes and to ensure they all comply with GDPR where applicable.

A detailed action plan covering GDPR requirements has been established, with many of the warranted processes already in place. TestCraft is aiming to make the adjustments that GDPR requires in both internal and external processes.

The efforts are focused on four main areas:

Data Security

TestCraft implements a comprehensive approach to data security, encompassing advanced authentication, access control and data confidentiality among other things.

TestCraft utilizes industry-standard, production-grade data storage and security solutions and incorporates common security best practices. Data storage is backed up frequently and on a regular basis, with both main storage and backup encrypted at rest and in transit.

In cases where internal operations entail the involvement of sub-processors (e.g., Amazon Web Services, HubSpot CRM, etc.), TestCraft obtains a signed Data Processing Addendum (DPA) from each sub-processor and verifies compliance with the same data security and privacy standards.

Data Management

TestCraft sets out to establish an organizational data management and usage process that accommodates GDPR requirements, with an emphasis on personal data. As part of this process TestCraft is implementing new guidelines for data collection, administration, storage and protection.

Product Development

At TestCraft, the product design and development processes include integral review checkpoints for data usage and privacy.

Training

The TestCraft employee training program includes periodic security training sessions, as required by our ISO 27001 certification. TestCraft is implementing a new training program that is designed to accommodate the adjustments warranted by GDPR requirements and includes dedicated data management and protection training specific to employees with access to personal data.

For any questions concerning GDPR and data management at TestCraft, please contact merav@testcraft.io.