General Data Protection Regulation

How does Itron manage your solutions?

What is GDPR?

The General Data Protection Regulation ("GDPR") was enacted by the EU Parliament to "harmonize data privacy laws across Europe, to protect and empower all EU citizens and to reshape the way organizations across the region approach data privacy." The GDPR protects individuals who are under the jurisdiction of the European Economic Area ("EEA") and therefore applies to the processing of their personally identifiable information ("PII") by Itron, its customers, and its suppliers worldwide.

Itron and GDPR

Itron's privacy program identifies, inventories, and assesses risks relating to the collection, processing, storage, analysis, and transfer of PII of its employees, customers, and end-users, including individuals who are within the jurisdiction of the EEA and subject to the GDPR. For these purposes, Itron maintains and maps records of data processing activities and assets. Itron also produces data privacy impact assessments ("DPIAs") as warranted.

Itron has created and implemented appropriate technical and organizational measures ("TOMs") to protect confidential information, including PII, and ensure the security, integrity, and availability of Itron's products and services. Itron pursues privacy-by-design, as set forth in the GDPR, throughout its network architecture and solutions from end to end, supporting its policy of establishing systems that ensure data protection from the outset, rather than as an afterthought.

Itron pursues the best practices set forth in the Generally Accepted Privacy Principles ("GAPP") framework. These practices include, but are not limited to, identity access management, disaster recovery and business continuity, information security training of all Itron personnel, and a documented incident response program. In addition, Itron maintains business policies and procedures to ensure the continued safety and security of its facilities, systems, and data, including physical protection mechanisms.

Itron's business processes and procedures align to a broad set of reference information security control frameworks that include, but are not limited to, ISO-27001 and SOC 2 Type 1 and Type 2. Itron regularly tests its internal systems, operations, and customer and end-user interfaces to ensure that it can rapidly and effectively identify, manage, and respond to risks as they arise.

If you have any questions, please contact Itron's Global Privacy Office at