Data Protection

GDPR, CCPA, and international data protection compliance

Global Data Protection Framework

Daily Event Insurance maintains comprehensive compliance with global data protection regulations including GDPR (EU), CCPA/CPRA (California), PIPEDA (Canada), and other international privacy laws.

Our data protection framework ensures that customer information is handled with the highest standards of security and privacy, regardless of where the customer is located or where the data is processed.

Regulatory Compliance

🇪🇺

GDPR

General Data Protection Regulation

CompliantEuropean Union

Key Requirements:

Lawful basis for processing personal data

Data subject rights (access, deletion, portability)

Data protection impact assessments

Privacy by design and default

Mandatory breach notification (72 hours)

Appointment of Data Protection Officer

🇺🇸

CCPA

California Consumer Privacy Act

CompliantCalifornia, USA

Key Requirements:

Right to know what data is collected

Right to delete personal information

Right to opt-out of data sale

Right to non-discrimination

Enhanced privacy notices

Annual privacy audits

🇺🇸

CPRA

California Privacy Rights Act

CompliantCalifornia, USA

Key Requirements:

Sensitive personal information protections

Right to correct inaccurate data

Risk assessment requirements

Contractor/service provider obligations

Automated decision-making disclosures

California Privacy Protection Agency oversight

🇨🇦

PIPEDA

Personal Information Protection Act

CompliantCanada

Key Requirements:

Consent for collection and use

Limiting collection to necessary data

Accuracy of personal information

Safeguards for data security

Openness about policies

Individual access rights

GDPR Core Principles & Implementation

Lawfulness, Fairness, Transparency

Clear privacy notices, lawful basis documented, transparent processing

Purpose Limitation

Data used only for stated purposes, no secondary uses without consent

Data Minimization

Collect only necessary data, regular reviews of data needs

Accuracy

Processes to correct inaccurate data, customer self-service options

Storage Limitation

Defined retention periods, automated deletion processes

Integrity and Confidentiality

Encryption, access controls, security monitoring

Accountability

DPO appointed, DPIA processes, compliance documentation

International Data Transfer Mechanisms

Standard Contractual Clauses

EU Commission approved contracts for international transfers

Applies to: All EU to non-EU transfers

Adequacy Decisions

Transfers to countries with adequate data protection

Applies to: Canada, UK, Japan (limited)

Binding Corporate Rules

Internal data transfer policies for multinational organizations

Applies to: Intra-group transfers

Explicit Consent

Customer consent for specific international transfers

Applies to: Individual transactions

Data Breach Response Protocol

Detection (0-4 hours)

Identify and contain the breach
Assess scope and data involved
Activate incident response team
Document initial findings

Assessment (4-24 hours)

Determine number of affected individuals
Evaluate risk level to data subjects
Identify root cause
Begin remediation

Notification (24-72 hours)

Notify supervisory authority (GDPR: 72 hours)
Notify affected individuals if high risk
Coordinate with law enforcement if needed
Update stakeholders

Remediation (Ongoing)

Implement security improvements
Provide support to affected individuals
Conduct post-incident review
Update policies and procedures

Partners must report any suspected data breaches immediately. Contact our security team at security@dailyeventinsurance.com or call our 24/7 security hotline at 1-800-SECURE-1.

Partner Data Protection Obligations

As a data processor, partners have specific obligations under data protection laws:

Act as data processor under our instructions

Implement appropriate security measures

Assist with data subject rights requests

Notify us of any data breaches within 24 hours

Only process data for specified purposes

Maintain records of processing activities

Cooperate with regulatory investigations

Delete or return data upon contract termination

Certifications & Audits

🔒

SOC 2 Type II

Annual audit

🇪🇺

GDPR Compliant

DPO appointed

🛡️

ISO 27001

In progress

Data Protection Questions?

Contact our Data Protection Officer for compliance questions

Email Data Protection Officer

Next: Security Center

Back to Compliance Center

Global Data Protection Framework

Daily Event Insurance maintains comprehensive compliance with global data protection regulations including GDPR (EU), CCPA/CPRA (California), PIPEDA (Canada), and other international privacy laws.

Regulatory Compliance

🇪🇺

GDPR

General Data Protection Regulation

CompliantEuropean Union

Key Requirements:

Lawful basis for processing personal data

Data subject rights (access, deletion, portability)

Data protection impact assessments

Privacy by design and default

Mandatory breach notification (72 hours)

Appointment of Data Protection Officer

🇺🇸

CCPA

California Consumer Privacy Act

CompliantCalifornia, USA

Key Requirements:

Right to know what data is collected

Right to delete personal information

Right to opt-out of data sale

Right to non-discrimination

Enhanced privacy notices

Annual privacy audits

🇺🇸

CPRA

California Privacy Rights Act

CompliantCalifornia, USA

Key Requirements:

Sensitive personal information protections

Right to correct inaccurate data

Risk assessment requirements

Contractor/service provider obligations

Automated decision-making disclosures

California Privacy Protection Agency oversight

🇨🇦

PIPEDA

Personal Information Protection Act

CompliantCanada

Key Requirements:

Consent for collection and use

Limiting collection to necessary data

Accuracy of personal information

Safeguards for data security

Openness about policies

Individual access rights

GDPR Core Principles & Implementation

Lawfulness, Fairness, Transparency

Clear privacy notices, lawful basis documented, transparent processing

Purpose Limitation

Data used only for stated purposes, no secondary uses without consent

Data Minimization

Collect only necessary data, regular reviews of data needs

Accuracy

Processes to correct inaccurate data, customer self-service options

Storage Limitation

Defined retention periods, automated deletion processes

Integrity and Confidentiality

Encryption, access controls, security monitoring

Accountability

DPO appointed, DPIA processes, compliance documentation

International Data Transfer Mechanisms

Standard Contractual Clauses

EU Commission approved contracts for international transfers

Applies to: All EU to non-EU transfers

Adequacy Decisions

Transfers to countries with adequate data protection

Applies to: Canada, UK, Japan (limited)

Binding Corporate Rules

Internal data transfer policies for multinational organizations

Applies to: Intra-group transfers

Explicit Consent

Customer consent for specific international transfers

Applies to: Individual transactions

Data Breach Response Protocol

Detection (0-4 hours)

Identify and contain the breach
Assess scope and data involved
Activate incident response team
Document initial findings

Assessment (4-24 hours)

Determine number of affected individuals
Evaluate risk level to data subjects
Identify root cause
Begin remediation

Notification (24-72 hours)

Notify supervisory authority (GDPR: 72 hours)
Notify affected individuals if high risk
Coordinate with law enforcement if needed
Update stakeholders

Remediation (Ongoing)

Implement security improvements
Provide support to affected individuals
Conduct post-incident review
Update policies and procedures

Partners must report any suspected data breaches immediately. Contact our security team at security@dailyeventinsurance.com or call our 24/7 security hotline at 1-800-SECURE-1.