General Data Protection Regulation (GDPR)
The General Data Protection Regulation or GDPR is a European Union regulation that is aimed at protecting personal data of EU citizens. It replaces the existing Data Protection Directive 95/46/EC and consolidates the data privacy laws across the EU region into one single regulation. The regulation comes into effect on May 25, 2018.
As per the new regulation, any company, be it EU or non-EU based, which processes personal data of EU individuals comes under the scope of GDPR. For more details on the EU's GDPR, visit: https://www.eugdpr.org/
Important terms in GDPR:
Personal data - GDPR defines personal data as “Any information related to a natural person or ‘Data Subject', that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.”
Data processor and a data controller - According to the GDPR, “A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.”
IBackup's responsibilities under GDPR:
IBackup is committed to ensuring that our company and solutions meet the highest standards of data security and privacy, including compliance with the European Union's GDPR. IBackup already assists clients in meeting their compliance obligations under HIPAA, SOX, GLBA, SEC / FINRA, and is also a self-certified company for compliance with the EU-US Privacy Shield Framework (https://www.ibackup.com/dpa.htm & https://www.ibackup.com/policy_new.htm).
As part of our responsibilities under GDPR , IBackup will provide the following features:
- Necessary technical measures to ensure personal data is protected
- Data transferred to IBackup is encrypted during transit and at rest, and is not processed by IBackup for any purpose other than as agreed upon in our terms and conditions
- Protect your data from loss
- Allow exclusion of files from backup
- Allow users to remove their files from backups
- Allowing for robust data recovery with availability of data versioning
- Provide tools to recover data
- Timely data-breach notifications to customers
This is the right to have all personal data removed from our systems upon request. To exercise this right; please contact our support team to begin the process of verification and data removal.
Data Processing Addendum ("DPA") forms part of Pro Softnet Corporation’s Terms of Service Agreement or other electronic agreements or mutually executed agreement between IBackup and Customer ("you" and "your") applicable to Customer’s use of the IBackup Services (the "Agreement") and reflects the Parties’ agreement with regard to Processing Customer Personal Data.
Customer's responsibilities under GDPR:
IBackup strives to be a valuable resource and provide support to our valued partners and clients to help them achieve their own compliance with the GDPR. However, compliance is your responsibility. You as the business customer and the data controller, have specific legal obligations under the GDPR. You should ensure that any providers (data processors) which you work with, has a highly robust approach to data protection, understand the obligations of the GDPR and are well prepared to meet them.
IBackup provides features you can use to meet your obligations under GDPR, but no provider can ensure GDPR compliance for you, nor can we dictate how or if you choose to be compliant.