As ‘GDPR day’ has finally arrived, we thought we’d take a moment to talk about GDPR, Brightsolid and your data!
What is GDPR?
The EU General Data Protection Regulation (GDPR) is a new regulation which will replace the 1998 Data Protection Act, and will strengthen data protection for all individuals within the European Union. This comes into force on 25th May 2018.
Why is GDPR important?
The GDPR expands existing individuals’ rights to their personal data and imposes new obligations on how personal data is handled. GDPR compliance is not just a matter of ticking a few boxes; the regulation demands that you be able to demonstrate compliance with all its data processing principles.
Who does GDPR apply to?
The GDPR applies to all EU organisations that collect, store or process the personal data of individuals residing in the EU, even if they’re not EU citizens.
What is the scope of GDPR?
The GDPR applies to personal data. This is any information that can directly or indirectly identify a person, can be in any format, and includes genetic and biometric data.
What are the penalties for breaching GDPR?
Breaches of GDPR could mean significant penalties with fines of up to 4% of annual worldwide revenue or €20 million, whichever is greater.
Brightsolid and your data
DPR defines organisations as Data Controllers and/or Data Processors and there are specific obligations that relate to each type of organisation under GDPR.
DATA CONTROLLERS – Determine the means and purpose of collecting personal data
DATA PROCESSORS – Are responsible for processing that data; this is a broad term and can mean for example, analysing data, or perhaps storing data on behalf of someone else.
Brightsolid, as a colocation and managed cloud solutions provider, is confident that we satisfy all our obligations under the new regulations. However, we understand you may have questions around your GDPR responsibilities related to your data held in our data centres. The following explains ours, and your obligations around that data:
Brightsolid is
- the controller and processor for data we collect about our clients to manage and communicate with respect to their service
- the processor or joint processor of data for our client’s managed cloud solutions
- neither the controller or processor for data which is held in client’s colocated racks
What you can expect from Brightsolid:
- We will implement appropriate technical and organisational measures to protect your data. e.g. ISO 27001 accreditation.
- We will provide you with information to help you demonstrate our compliance with GDPR
As a controller, the personal information we have from you will be:
- collected and processed fairly & lawfully
- adequate, relevant and limited to our needs
- accurate and kept up to date
- collected only with your consent.
As a processor we will:
- only process data for the purpose of providing service to you
- ensure we deal with all your data in a confidential way
- promptly notify you of any security incidents
- immediately take action to prevent future security incidents
- cooperate with you in any impact assessment or regulatory consultation ensure your data is return or deleted
support you in audits
Brightsolid’s GDPR approach is focused on ensuring we deliver against our commitments and providing easy-to-understand solutions that enable our customers to control the personal data that Brightsolid processes on their behalf.
For any questions you may have around Brightsolid, GDPR and your data, contact us now.