The General Data Protection Regulation (GDPR) is a new European data protection regulation adopted by the EU Commission. The new GDPR regulation is mainly a legal story, regulations which is effective as of May 25 2018. It replaces the EU Data Protection Directive, also known as Directive 95/46/EC. The GDPR will strengthen security of and regulate the treatment of personal data. The GDPR applies to both individuals and businesses and regulates the way in which personal data of citizens in the European Union should be handled.

GDPR impacts all companies serving customers in the EU. The information provided in this section is meant to provide high level insights about the GDPR. In no case the information in this section can be considered as a complete GDPR handbook. We will focus on some of the legislation’s fundamental definitions, the responsibilities that come with this new law, and on IT related security precautions GITS PSF can propose in order to be more compliant.

Some definitions

A proper understanding of the terms often used in the General Data Protection Regulation is essential. Find below the most commonly used terms:

Personal data
Any information relating to an identified or identifiable real person. An identifiable real person is defined as any real person who can be directly or indirectly identified.

Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collecting, recording, transmission, storage, conservation, extracting, consultation, use, disclosure by transmission and so on.

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

The natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Data Subject
The natural persons who can be directly or indirectly identified by the controller, in particular by reference to an identification number or to one or more factors specific to physical, physiological, mental, economic, cultural or social identity.

GITS PSF as Data processor

Within the GDPR framework GITS PSF are considered a Data Processor and most of our customers are considered Data Controllers. This will typically be the case when customers use our hosting and Infrastructure services and store data on such GITS PSF managed service or infrastructure. The responsibility of the Data Processor is to ensure that any Personal Data that is processed on behalf of, and by instruction of the controller, are always protected and kept confidential.

GITS as a controller

GITS PSF are considered as a “data controller” when we determine the purpose and method of “our” personal data processing. This is typically the case when we collect data for billing, managing accounts receivable, improving the quality of services and performance, sales prospecting, commercial management, etc.

Security of processed data

Our solutions are designed to be highly secure and compliant with Luxembourgian and European regulations. We offer resilience and security solutions for data protection. We ensure that valuable data is processed accordingly and suitably protected.


As a managed services provider (MSP), GITS PSF engages with different types of sub-processors to perform various functions and being able to provide a certain set of services to its customers. A sub-processor is considered a third party service provider engaged by GITS PSF, who has or potentially will have access to, or process data (which may contain Personal Data).

Frequently Asked Questions

We regularly receive questions about GDPR, how data is protected and about our compliance with this new law. Our team has many years of experience and specialised knowledge in guiding our customers towards compliant and regulated IT. Our solutions are aligned with EU data regulations and compliance standards for data protection. We ensure that your valuable data is processed accordingly and will be suitably protected. Find here some of the most common questions and answers in regard to GITS PSF’s compliance with GDPR.