What is GDPR?
The General Data Protection Regulation ("GDPR") was enacted by the EU Parliament to "harmonize data privacy laws across Europe, to protect and empower all EU citizens and to reshape the way organizations across the region approach data privacy." The GDPR protects individuals who are under the jurisdiction of the European Economic Area ("EEA") and therefore applies to the processing of their personally identifiable information ("PII") by Itron, its customers, and its suppliers worldwide.
Itron and GDPR
Itron's privacy program identifies, inventories, and assesses risks relating to the collection, processing, storage, analysis, and transfer of PII of its employees, customers, and end-users, including individuals who are within the jurisdiction of the EEA and subject to the GDPR. For these purposes, Itron maintains and maps records of data processing activities and assets. Itron also produces data privacy impact assessments ("DPIAs") as warranted.
Itron has created and implemented appropriate technical and organizational measures ("TOMs") to protect confidential information, including PII, and ensure the security, integrity, and availability of Itron's products and services. Itron pursues privacy-by-design, as set forth in the GDPR, throughout its network architecture and solutions from end to end, supporting its policy of establishing systems that ensure data protection from the outset, rather than as an afterthought.
Itron pursues the best practices set forth in the Generally Accepted Privacy Principles ("GAPP") framework. These practices include, but are not limited to, identity access management, disaster recovery and business continuity, information security training of all Itron personnel, and a documented incident response program. In addition, Itron maintains business policies and procedures to ensure the continued safety and security of its facilities, systems, and data, including physical protection mechanisms.
Itron's business processes and procedures align to a broad set of reference information security control frameworks that include but are not limited to ISO-27001 and SOC 2 Type 1 and Type 2. Itron regularly tests its internal systems, operations, and customer and end-user interfaces to ensure that it can rapidly and effectively identify, manage, and respond to risks as they arise.
If you have any questions, please contact Itron's Global Privacy Office at privacy@itron.com.