You are here

Trustworthy and Safe

Apptio’s world-class security measures are designed to protect and serve our customers

a

GDPR

The EU General Data Protection Regulation (“GDPR”) will go into effect May 25, 2018 and usher in the most sweeping set of data protection, privacy and data transfer regulations to date. If a company uses third party data processors to collect, transmit, host or analyze personal data of EU citizens, the GDPR requires the company use processors who guarantee their ability to implement the technical and organizational requirements of the GDPR. 

The Apptio branded products, and the processing of customer data within the Apptio branded products, are compliant with the GDPR.  To formalize this commitment, we have added the Apptio EU General Data Protection Regulation Provisions to our contractual commitments to our customers.  Among other things, these terms obligate Apptio to:

  • Process personal data based on customer instructions or applicable laws
  • Ensure that personnel accessing personal data are subject to confidentiality duties
  • Apply technical and administrative measures to protect personal data
  • Assist customers in responding to requests from individuals about their personal data
  • Assist customers in fulfilling their legal duties including regarding notification of data breach
  • Delete personal data at the conclusion of the contracted services except where retention is required or permitted by law
  • Provide customers with information required to fulfill regulatory and audit obligations
  • Obtain customer consent when engaging a subprocessor to process personal data in connection with the Apptio branded products.  If you are a current customer you are invited to review the list of subprocessors available and obtain updates via the mechanism described on that page.

We encourage you to review these commitments.  They represent a coordinated effort within Apptio to ensure we not only comply with applicable regulation, but also that we maintain our ongoing compliance, security and privacy efforts in general.  We consider the GDPR to be a welcome development and look forward to our continued collaboration with our customers and suppliers towards ensuring the regulations and principals they represent are observed.