GDPR and Privacy
In May 2018 the EU General Data Protection Regulation (GDPR) replaces the existing patchwork of EU National Data Protection legislation and brings a level of consistency to data and privacy protection in the EU. Even prior to the implementation of GDPR, NETGEAR recognized the worldwide importance of privacy, security, and data protection to our customers, partners, and employees.
We have a cross-functional approach to privacy governance, which covers all areas of the company and includes customer, partner, and employee data. The legal, customer care, IT, HR, and engineering teams meet on a regular basis to help guide, design, and develop products and systems from the ground up to protect data and privacy. NETGEAR has a Board of Directors’ Cybersecurity Committee that is tasked with the oversight and monitoring of NETGEAR’s privacy and data security and regularly engages with outside experts regarding various privacy issues, including privacy by design and encryption. NETGEAR has an active cybersecurity program, and to make sure information is secure, we strictly enforce privacy safeguards within the company. This means we use access management and access controls commensurate with the risk to data to ensure access to data is associated with a business need, such as providing customers with support.
Specifically, as part of our EU General Data Protection Regulation (GDPR) work, we have assessed, and continue to assess, our major processes, products, and services. In particular, we have:
- rewritten our privacy policy, which is posted on our website;
- improved processes to help ensure data transparency, accuracy, accessibility, completeness, security, and consistency;
- mapped our data and identified what we have, what we are doing with it, where it is, where it flows, and who has access to it;
- assessed the privacy and data security risks and strengths in our enterprise systems and products;
- implemented data incident response teams and processes;
- implemented additional third-party controls, vendor oversight, monitoring, audit, and remediation requirements; and
- embedded privacy and security requirements in the product development cycle.
In addition, all NETGEAR employees are required to take training on Privacy and Security.
Finally, NETGEAR complies with all applicable laws that require notification about data security incidents. That means we conduct prompt investigations and analysis, so that we can provide notification in a timely manner if necessary. We are also committed to providing customers who have been impacted by an incident with appropriate assistance, which may include information about support from NETGEAR or advice on steps customers can take to reduce the risk of harm.