Skip to content
Blog

>

Inside DNAnexus

GDPR Compliance – What you need to know

Loren Buhle Author

 

 

 

 

GDPR

DNAnexus is updating our Data Processing Addendum to reflect the General Data Protection Regulation (GDPR) that comes into effect on 25-May-2018.  This is a major regulation impacting the collection, use and retention of personal information for all citizens of countries belonging to the European Union. While DNAnexus is a Data Controller for the information users place on our system to enroll and use the DNAnexus Platform, our primary role is a data processor of data uploaded to our Platform by our Customers.

The scope of GDPR is any personal information from citizens of countries belonging to the European Union. If you use data originating from these citizens (regardless of where the citizen physically resides), it is covered by GDPR. If you collect this personal information,  you need to ask its origin.

Our new Data Processing Addendum (“DPA”) can be accessed here. The DPA is a contractual agreement between our customers and DNAnexus focusing on how DNAnexus handles personal identifying information originating from citizens of countries belonging to the EU. Our DPA will become effective coincident with the effective date of GDPR on 25-May-2018.

If you have users or data from citizens of countries that are part of the EU, we recommend you review your Consent Policies to make sure they are compliant with the new regulations outlined in the GDPR. For example, do your consent forms clearly describe the intended use of the data, provide a mechanism for the citizen to correct, obtain a personal copy or request removal of their information? Do you have a process for tracking requests, providing responses in a timely fashion, and providing evidence that you have met your obligations?

Learn how DNAnexus can help

DNAnexus works with our customers to understand the impact of privacy on genomic analysis, the regulatory requirements of storing sensitive data within specific geographic regions and moving these data across jurisdictions. The DNAnexus platform provides specific capabilities to help you be GDPR compliant quickly and painlessly.  We share the benefits and challenges of these experiences with you to help you manage your risks in an ongoing and predictable fashion. From initial assessment to implementation, we’re here to help you achieve your goals.

Section 11.2 of DNAnexus’ amended privacy policy at www.dnanexus.com/privacy provides specific details of how DNAnexus addresses GDPR.

If you have any questions about this update or GDPR, please don’t hesitate to reach out to your account team or contact us through Support@dnanexus.com.

Experience DNAnexus

Move Beyond Genomics