ISMS Copilot is GDPR compliant

We are excited to announce that ISMS Copilot, the AI-powered assistant for ISO 27001 compliance, is now fully compliant with GDPR. Our EU-specific version offers enhanced data protection by storing data in the Netherlands and processing it in Sweden, ensuring all personal data remains within the EU.

Key Features of ISMS Copilot’s GDPR Compliance:

1. EU Data Localization & Processing: All data is stored on AWS servers in the Netherlands, processed on servers in Sweden, and fully GDPR-compliant. This means that all personal data handled by the EU version of ISMS Copilot remains within European jurisdiction, ensuring your sensitive data is subject to EU laws and regulations.
2. 30-Day Data Retention: To minimize risks, all conversation data is retained for only 30 days, after which it is permanently deleted. This aligns with GDPR’s data minimization principle, ensuring that no excess data is stored longer than necessary.
3. Transparency & User Rights: We have developed clear processes that enable transparency with data subjects, allowing them to exercise their rights under GDPR (access, correction, erasure, etc.). Users are fully informed of how their data is used and processed, in line with GDPR’s requirements for transparency.
4. Purpose Limitation: Data is only processed for specific, legitimate purposes, and we never use data beyond the scope of what users have consented to. Purpose limitation ensures your data is always handled appropriately, with no unexpected usage.
5. DPIA, TIA, and SCC: We conduct Data Protection Impact Assessments (DPIA) and Transfer Impact Assessments (TIA) to evaluate privacy risks. For any data transfers involving our U.S.-based providers, we have established Standard Contractual Clauses (SCC) to ensure that all international transfers meet GDPR standards.
6. Technical & Organizational Measures: Advanced encryption, access control, and security audits ensure your data is well protected. Our technical measures align with GDPR’s requirements for securing personal data.

EU and U.S. Versions: Flexibility for Our Users

It’s important to note that while the EU-specific version ensures that all data remains within the European Union, ISMS Copilot continues to offer its U.S.-based version. For EU customers dealing with non-sensitive data or who prefer different data handling policies, the U.S. version remains an option. The U.S. version operates under a different set of data retention and storage policies, providing users with flexibility depending on their business needs.

Whether you choose the EU version for GDPR-compliant data handling or opt for the U.S. version, ISMS Copilot remains committed to safeguarding your information and helping you manage ISO 27001 compliance efficiently.

To learn more or to start using ISMS Copilot, visit our Trust Center.