Stream and GDPR

Stream emphasizes the significance of the General Data Protection Regulation (GDPR) for organizations with customers in the European Union, highlighting the potential penalties for non-compliance, which include fines up to €20 million or 4% of global turnover. The GDPR mandates strict access control, data encryption, the ability to delete and download personal data, justified data storage and processing, and comprehensive audit logging. Stream has implemented measures such as limiting data access to essential personnel, enabling data deletion and download through its API, encrypting API communications and backups, and logging all data access. Additionally, Stream advises customers against sending personally identifiable information (PII) and has updated its terms and privacy policy to align with GDPR requirements. The company recommends consulting a lawyer for specific legal advice regarding GDPR compliance.