General Data Protection Regulation

How does Itron manage your Solutions?

What is GDPR?

The General Data Protection Regulation (GDPR) was passed by the EU Parliament, replacing the Data Protection Directive 95/46/EC. The stated objectives of GDPR are, “to harmonize data privacy laws across Europe, to protect and empower all EU citizens and to reshape the way organizations across the region approach data privacy.”

GDPR applies to both data controllers and data processors. As such, it will affect Itron, its customers and suppliers.

Itron and GDPR

Itron has a formal program to identify, inventory and assess risk for the protection of personal data residing in Europe, including that used as part of the programs directed by Itron customers acting as data controllers.

Further, Itron has architected security into our solutions from end to end, from our communications modules in the field to the back office applications, systems and processes that supply and support them. This practice supports a "Secure By Design" principle as set forth in the GDPR, whereby data protection is built into a system from the outset, rather than as an afterthought addition.

Our deployment architecture and policies strive to reflect the "best practice" controls recommended in many standards, especially in the areas of asset management, access control (based on the principle of least privilege), physical and environmental security, and contingency plans for business operations and infrastructure continuity.

Itron implements the business policies and procedures that are required to ensure the continued safety of systems and data. These include, but are not limited to, access specific security roles, physical protection mechanisms for facilities and data centers, formal policy and procedure for change control, personnel background checks and security and incident management training.

These processes and procedures align to a broad set of reference control frameworks that include, but are not limited to ISO-27001, SOC 2 Type 1, SOC 2 Type 2 and SSAE-16. Itron performs regular tests of our technologies and processes under a formal methodology to ensure that we can rapidly and effectively identify and manage risks to our internal operations and our customers' environments that may arise over time.

If you have any questions, please email