GDPR Readiness

Background

The ‘General Data Protection Regulation’ (GDPR) came into effect in the European Union and the broader European Economic Area on May 25, 2018, providing unified data protection legislation across all EU member states. It places increased restrictions on the handling of personal data and on the transfer of personal data outside of the EEA, and companies processing personal data are required to take a measured approach to how they process and protect personal data. Taulia LLC, together with its affiliated group companies (“Taulia”), has taken the necessary steps to comply with the GDPR, and to support those of its customers that are subject to the GDPR in their own compliance efforts. The GDPR requires that companies take a risk-based approach in determining the appropriate protections to put in place, within the requirements of the law. Processing of personal data in the Taulia eInvoicing and working capital management solutions is very limited, and always within the B2B context. For the vast majority of data subjects, Taulia holds only their name and business email address. Nevertheless, the GDPR requirements for this, and any other personal data that is processed by Taulia, are taken into account during each processing step.

Schrems II

On July 16, 2020, the CJEU declared the EU-US Privacy Shield an invalid mechanism for transferring personal data from the EU to the US. To the extent that Taulia has relied on the EU-US Privacy Shield as the mechanism to transfer personal data across borders, Taulia will be converting to use of the EU Standard Contractual Clauses, or another approved transfer mechanism, as a replacement for the EU-US Privacy Shield. In the meantime, Taulia intends to continue to maintain its status and compliance with the EU-US Privacy Shield Principles.

Compliance Highlights

Taulia has updated its Privacy Policy, which can be reviewed here.

In addition, here are some of the steps we’ve taken to ensure our compliance with the GDPR and provide assurance to our customers:

Product Readiness

Taulia understands the enhanced GDPR personal data processing requirements and the importance of these measures to our EU customers. Data is core to our business and we place a high priority on protecting and managing such data according to the law. In alignment with the GDPR, Taulia has strengthened its processes to ensure rights of data subjects under the GDPR are fully respected.

Taulia operates dedicated data processing instances and environments located in the European Union, which are deployed for buyers based in the EEA.

Taulia strives for transparency, to maintain security and build trust across our 1.5 million connected global supplier and buyer customers. Team members across Taulia departments continually collaborate on ever-evolving security best practices, including the GDPR frameworks specifically focused on enhanced security and privacy requirements. This includes:

Security

Taulia is backed by stringent, state-of-the-art security controls designed to protect your data. Cyber risk is taken very seriously at Taulia and is managed daily by our Director of Security and CTO. All employees are required to review and agree to Taulia’s strict IT Security Policies, which are reviewed annually to incorporate periodic updates. Taulia also undergoes annual third-party audits for SSAE-18 SOC 1 and SOC 2 Type 2 compliance, as well as annual third-party penetration and vulnerability testing. Further, all data transacted by Taulia is always encrypted in flight and at rest via native ERP APIs.