Turnitin, a company at the forefront of academic integrity solutions for 20 years, announced today its commitment to stringent data privacy practices and compliance with the European Union’s (EU) General Data Privacy Regulation (GDPR). The GDPR represents the most comprehensive shake-up of data protection law in the EU in over 20 years; it sets exacting conditions on the use, process, and export of personal data.
Turnitin technology and data privacy practices are continuously held to rigorous standards. Although Turnitin technology was already in compliance with the GDPR, the company dedicated additional resources to further evaluate and update systems and processes in light of the new regulations. Specific steps taken include an improved Privacy Center and amendments to the Turnitin Terms of Service, which is incorporated into customer Registration Agreements. The new Terms of Service includes mandatory GDPR provisions so that customers—who must also be GDPR compliant—will not need to take additional actions with their agreements. To transfer data, Turnitin already used the GDPR-approved safeguards, such as the EU Model Clauses and the EU-US or Swiss-US Privacy Shield, for which Turnitin is fully certified.
Demonstrating a further commitment to privacy and security, Turnitin is also undergoing a SOC 2 (Service Organization Control) Type 1 and Type 2 audit with an independent CPA firm. With an additional emphasis on privacy, Turnitin’s SOC 2 report will detail the controls of the systems used to process data and describe the security and privacy of that data. Having successfully completed the SOC 2 Type 1 audit, Turnitin is now into their SOC 2 Type 2 audit period, targeted for completion in Q4 2018. Turnitin’s GDPR compliant technical and organizational measures, in conjunction with the SOC 2 audit, demonstrate its focus on high quality standards around data privacy.
“Data protection requires continuous vigilance and management to not only meet obligations like the GDPR, but also to forecast future needs as the typical individual’s digital footprint grows,” said Giles Kerrush, International Commercial & Legal Manager and Data Protection Officer at Turnitin. “Turnitin is dedicated to protecting privacy and data integrity for individuals and for the educational institutions who entrust us with helping support academic integrity and authentic writing.”
“At Turnitin, we believe that data security is essential to our commitment to academic integrity,” said Jack Roehrig, Turnitin Chief Information Security Officer. “The SOC certification is the beginning of a greater initiative to assess and continuously secure our platform and the sensitive data therein. To confirm we are taking privacy in the correct direction, we included the privacy criteria in our SOC audit.”
Read more at https://go.turnitin.com/turnitin-and-gdpr.