At SUMADI our customers trust us with some of their most sensitive and private information, their students and exams data. That is why we take security and privacy very seriously and is a priority for our product teams. As part of that commitment, we are proud to announce that we have achieved 100% compliance in all GDPR laws. 

The General Data Protection Regulation (GDPR) is a set of standards adopted as law by the European Union and United Kingdom to protect the personal data and privacy of their residents; but the good news is that it can apply to any other country outside the European Union. We choose to pursue GDPR because it is one of the most complete security and privacy frameworks in the world, all the controls, tests and security has been applied to data from all our current and future customers so everybody is protected in the same way.   

GDPR compliance applies to nearly all personal data and in our case to Personal Identifiable Information from the students, it also guarantee eight rights that any user has, for example the right to information – where the users have the right to give informed consent before their data is collected, stored or processed; or the right to ereasure – where users can choose to have us delete their data if they are no longer customers or they choose to withdraw their consent.  

Since we started as Sumadi we have maintained a strong security posture, but it was important that we prove to our customers that we do everything we claim to do, the first step was to search for the best solution and for a third party to validate our compliance, as GDPR per se is not an international certifiable process, but a set of rules, rights, and controls that we must comply.  This way we found Vanta, it is a perfect combination of consultancy and automated controls that would help us achieve our goal quickly; their platform integrates automatically to our tech stack such as AWS and github, It collects all evidence and compares it to GDPR requirements. They also monitor our policies, procedures and controls that we claimed to have, one of the best part is that they monitor all our employees, making sure they are up to date with security trainings and their computers are protected. 

“Achieving 100% compliance in GDPR with Vanta is clear evidence for our customers that we take security and privacy very seriously. Being compliant means that we will continuously maintaining and improving our security posture” said Julio Elgueta, Director of Architecture and Security at Sumadi.  


If you want to know more about our security and and privacy posture click here: