Superset and GDPR
India currently does not have a data protection law enforced. However, to maintain the highest
standards of data security and privacy for its users, Superset complies with all GDPR principles, for
its users in India, EU and other countries.
What is Superset's take on GDPR?
At the onset, GDPR may look intimidating making it harder for marketers to access user
information. However, it also provides marketers with an opportunity to reconnect with their audience
and strengthen the brand-consumer relationship. Take the opportunity to inform users of the data you
collect and how you use them, make them aware of their rights which can be reassuring and builds
How does GDPR apply to Superset?
When it comes to using of our platform by Superset clients, universities and employers are
the controllers and Superset is a processor — and that means that Superset will follow the
instructions of its clients when it comes to the processing of personal data on their behalf. However,
Superset is the controller when it comes to personal data that it collects from student users, its
employees and from EU citizens who visit the Superset website or have their data collected in other ways
through our marketing programs.
Superset's commitment to data security and privacy?
At Superset, we believe in “security by design,” meaning that we have built
security into the core of our product and have made it a key focus area since day one. Superset’s
security by design committee meets on a regular basis to review, discuss and implement privacy
principles in the design and development of the features, functionalities, and operations of the
Superset. Superset’s security by design committee includes manager level employees from product,
engineering and operations organizations together with Superset's privacy and security teams.
How we enable our customers to be GDPR compliant?
As a data processor, Superset is focused on automating—as much as is technically
feasible—the ability of its clients to comply with the rights of EU citizens and other users. For
instance, Superset has already updated its platform so that clients can respond to requests of
individual data subjects. Superset already provides a way for the customers to export the user data. If
required, clients can raise a support ticket to delete the customer data on demand.