Voltar 
While customers, as data controllers, are responsible for conducting due diligence to ensure compliance with cross-border data transfer legislation, Netskope supports compliance by leveraging a range of organizational, legal, and technical safeguards. Importantly, Netskope does not rely solely on the European Commission’s adequacy decisions for data transfers. Even when transferring data to countries covered by adequacy decisions, we implement additional safeguards, such as Standard Contractual Clauses (SCCs) and other mechanisms, to enhance the protection of personal data. These safeguards also apply to data transfers involving non-adequacy decision countries.
Netskope undergoes annual SSAE 18 SOC 2 Type 2 attestation through an independent, third-party auditor, and has done so annually since the company launched in 2012. Additionally, Netskope has ISO 27001, ISO 27017, ISO 27018, CSA STAR, ENS (Spain), UK Cyber Essentials certifications, and C5 (German) attestations. These international standards outline best practices for information security management systems and the protection of personally identifiable information in the cloud.
Netskope can also provide a Data Processing Addendum (DPA), which includes the latest European Commission Standard Contractual Clauses (SCCs). Netskope’s DPA includes the UK addendum, and its SCCs have been approved by the European Commission. Netskope is obligated under the SCCs to notify its customers in the event it is made subject to a request for government access to customer personal data from a government authority. In the event that Netskope is legally prohibited from making such a disclosure, Netskope is contractually obligated to challenge such prohibition and seek a waiver. A copy of Netskope’s DPA can be found here: https://www.netskope.com/resources/data-sheets/netskope-data-processing-addendum
Netskope also ensures compliant cross-border data transfers by participating in, and certifying its compliance with, the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the UK Extension of the EU-U.S. Data Privacy Framework. Whenever data is shared with Netskope’s sub-processors, Netskope will remain accountable for how it is used. Netskope requires all service providers to undergo a thorough cross-functional diligence process by subject-matter experts in our Security, Privacy, and Risk & Compliance Teams to ensure our customers’ personal data receives adequate protection. This process includes a review of the data Netskope plans to share with the service provider and the associated level of risk, the supplier’s security policies, measures, and third-party audits, and whether the supplier has a mature privacy program that respects the rights of data subjects. We provide a list of our sub-processors on our sub-processors page.
Netskope provides data security and privacy training to all of its staff. And Netskope has developed privacy policies based on privacy by design principles that we employ internally. Please refer to Netskope’s Privacy Policy for further information.
Together, these mechanisms give our customers confidence that any cross-border transfers of their data are aligned with applicable privacy legislation.