Alumio & GDPR

As a company, you must comply with privacy regulations. The scale and complexity of these regulations is certainly challenging today. Being compliant means that you must be able to demonstrate how you handle data, that you can track and monitor all data. Alumio gives you configuration capabilities to meet the regulations that apply to your business, ensuring that your complex integration landscape is compliant in a maintainable manner. While Alumio logs and checks in 360 degrees, you can manage your security and compliance as your business grows.

Official statement of Alumio
concerning GDPR


Alumio and its partners give their full commitment to Data Protection and GDPR Compliance.

Alumio and its partners are committed to help customers located around the world with their GDPR compliance readiness journey.

Alumio and its partners will help each customer with offering reporting and consulting services, so each customer is able to:

  • describe the nature of the data breach, and if possible categorize and approximate number of data subjects and the categories and approximate number of personal data records concerned
  • disclose the contact details of their DPO
  • describe the consequences of the breach
  • describe measures taken to address the breach


Breach disclosure

According to the GDPR, Alumio shall report the data breach to the regulatory authorities (and sometimes affected individuals), within 72 hours after becoming aware of the breach.

The same applies for the organization or a company that is a data processor. The data processor needs to notify the data controller as soon as possible or within 72 hours after they have become aware of the breach.

How Alumio helps you comply with the GDPR

Alumio enables companies to be able to execute GDPR in the following GDPR business requests:

  • Enhancing existing individual rights
  • A right to erasure and the right to be forgotten
  • The right to receive personal data
  • Be able to implement GDPR user interfaces
  • The rights to notice, access, rectification and to object
  • Remove data from (external) sources

Alumio also has defined a model for security principles:

Security, Availability, Privacy, Confidentiality & Processing integrity.

How Alumio is helping organisation’s
to execute GDPR


As you probably know GDPR protects European Union data subjects’ fundamental right to privacy and the protection of personal data. Alumio’s headquarters is based in the Netherlands and therefore Alumio is born and raised with high standards when it comes to privacy, compliance and security of data.

Alumio enables companies to be able to execute GDPR in the following GDPR business requests:

  1. Enhancing existing individual rights and creating new rights to be forgotten and to data portability

    Alumio can help organizations to execute requests of customer to delete their personal data, which can be stored in multiple software applications.
  2. A right to erasure and the right to be forgotten

    A new right to data portability means that you have to be able to make sure customers can change their privacy settings, which means that you have to change this in all connected software and data lakes.
  3. the right to receive the personal data

    Customers have the right to ask their personal data and to receive this in a certain format. Alumio can help you to gather this information and to send it to requested software or persons via API calls or exporting capabilities of Alumio.
  4. Businesses will need to implement effective user interfaces

    Every company should offer a user friendly way to give customers access to their privacy information and give them the ability to see, change and delete these. As interfaces can communicate via API’s requests, Alumio is a matching combination for each of you user friendly solution.
  5. Enhanced rights to notice, access, rectification and to object to processing

    Controllers had to provide data subjects with certain minimum information before collecting personal data. These disclosures included the identity of the controller, the purposes of processing, and any recipients of personal data.
  6. Erasure and the right to be forgotten, means that you have to be able to remove data from (external) sources, such as databases, websites, content, (internal) search engines, etc.

    Alumio can be used to send the data to all the sources and if so, Alumio will save all this data. It can be requested via API, or just by using the services for reporting and logging capabilities of Alumio.

Ready to dive in?

Get your demo today.

Let's build an IT-landscape for tomorrow, together!