Frequently Asked Questions about GDPR
What is GDPR?
GDPR (General Data Protection Regulation) is a set of rules delivered by the European Commission that enables people to have better control over their personal data. The key objective is that every person should be able to get hold of their personal data, such as names, addresses, telephone numbers, account details, online identifiers and other relevant personal information.
Who does this new law apply to?
In today’s digital economy, personal data and privacy have acquired enormous significance. By unifying European rules on data protection, lawmakers aimed to create a consistent framework. Therefore, every European company, or company that does business in the E.U., that stores any kind of personal information that makes it possible to track and link to an individual must comply with GDPR.
When it comes to customer data, is GITS PSF a controller or a processor?
Under the GDPR, a “controller” determines why and how personal data is processed. A “processor” processes personal data on behalf of the controller. GITS PSF has limited knowledge of the data that each customer processes via email, hosted applications and hosting infrastructures (“Client Data”). Also, GITS PSF only processes Client Data in accordance with the customer’s instructions. Therefore, GITS PSF is a processor of Client Data managed and hosted at GITS PSF; the customer is a controller.
Will GDPR change the way GITS PSF treats customer data?
GITS PSF continues to treat customer data with the required level of sensitivity and confidentiality. GITS PSF will continue to invest in the security of its customer solutions to ensure it remains compliant with applicable legislation.
Where will my data be stored?
IT, cloud and dedicated hosting environments are managed from, operated in and hosted in our private rooms in the state-owned LuxConnect Tier IV datacentres located in Bettembourg and Roost/Bissen in Luxembourg. For certain services and solutions, we will need support from suppliers outside of the EU. We will not move your personal data into another jurisdiction without your consent. We commit to comply at all times with applicable laws.
With the new GDPR, can GITS PSF continue to work with technology providers that might store data outside of the EU/EEA?
Provided certain legal mechanisms are in place, GITS PSF can use sub-processors and hold personal data outside of the EU. Personal data may be transferred outside of the EU and the EEA when an adequate level of protection for that data is guaranteed. As mentioned before, we will not move any personal data into another jurisdiction without our customer’s consent.
Does GITS PSF operate other data centres within the EU where data is stored?
No, GITS PSF currently has no other data centres or hosting facilities in countries other than Luxembourg.
What security framework does GITS PSF have in place to protect personal data?
GITS PSF commits to implement appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with GDPR. These measures include:
- Physical (datacentre) protection
- Network security
- Storage security
- Computing security
- System & network monitoring
- Disaster recovery
- Identity management
- Access control mechanisms
- Encryption of data in transit and at rest
- Risk mitigation strategies
What services does GITS PSF offer to help me comply with GDPR?
First, review the GDPR to determine whether or not it applies to your organisation. If GDPR applies, make sure that you implement appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with GDPR.
We encourage you to act on the GDPR. As part of our obligation to our customers, we believe that investing in the protection and security of systems and data is something that all companies need to do, regardless of legal requirements such as GDPR. Below is an overview of the solutions in our portfolio that may help you close some gaps and become more compliant with the new General Data Protection Regulation.
- Data Protection by design
- Online backup and retention
- Disaster Recovery and business continuity
- Data leak prevention and monitoring
Please feel free to reach out to a representative at GITS PSF so that we can help tailor a solution to fit your business needs. While we cannot ensure that your company is completely GDPR-compliant, we do offer many solutions and services that can help you meet some of the GDPR requirements. You should always work with a legally qualified professional to discuss GDPR, how it applies specifically to your organisation and how best to ensure compliance.
Do I need to update my current agreement with GITS PSF in light of GDPR?
We have prepared a Data Processing Agreement that will be presented as an addendum to existing agreements. It will meet the requirements of the GDPR. Please contact our team for more information.