Data Protection

Our security program is founded on the controls we have built into our service to protect customer data. We regularly assess risk, monitor our controls, evaluate potential threats, and use this information to update our controls framework from policies and procedures to encryption protocols.

Processing Personal Data

The GDPR applies to the processing of EU personal data wholly or partly by automated means, as well as to non-automated processing, if it is part of a structured filing system. “Processing” covers a wide range of activities, including the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.


We understand that customers who use our platform and related services may wish to process EU personal data in connection with such use and will be required to comply with the GDPR. In such cases, Diligent will be the processor or sub-processor of such EU personal data. For more info about Diligent’s Privacy Policy, please visit:

Security of Personal Data

Security is the crux of all data protection. At Diligent, we are continually monitoring and improving our security and compliance capabilities for all of our customers globally. We maintain GDPR security compliance through our annual compliance reports and our robust information security program. Ahead of GDPR, we assessed our technical and organizational controls specific to the protection of personal data and have updated security processes where needed.

Data Processing Addendum for Customers

For customers who process EU and/or UK personal data in connection with their use of Diligent’s products and related services, Diligent offers a Data Processing Addendum to ensure compliance with EU and UK GDPR obligation to have a written contract in place with Diligent as a data processor. The Diligent Data Processing Addendum is available at

Additional information on Diligent’s global processing operations is available at For customers using only our on- premises products, all data in these products remains on the customer’s systems. Diligent does not access or process any of that data. Our Data Protection Officer can be contacted at:

Vendor Compliance with GDPR

Our vendor management program ensures that any vendors who are sub-processors of EU personal data will adhere to the same security standards as Diligent and are also GDPR compliant. Diligent enters into a written data processing agreement with each of our sub- processors to ensure such compliance and to ensure that any transfers of EU personal data are made only in accordance with GDPR. For a list of Diligent Group Companies and Sub-processors, see