What is the GDPR?
GDPR stands for “General Data Protection Regulation.” It is a data protection law adopted by the European Union (EU), which imposes new rules on all organizations that offer goods or services to individuals in the EU when processing “personal data” of EU residents. It is designed to strengthen the fundamental right of the individual (also known as a “data subject”) to privacy and the protection of personal data. It introduces robust requirements for companies doing business in Europe that will enhance and harmonize standards for data protection, security, and compliance. The GDPR was adopted on April 27, 2016, and becomes effective May 25, 2018.
We know that preparing for the GDPR is a priority for many of our customers. It is also a priority for Bigala Cloud.
What does the GDPR regulate?
The GDPR regulates the “processing” of personal data, which includes the collection, use, disclosure, storage, manipulation, and erasure of personal data.
The GDPR’s definition of “personal data” is very broad. It captures any information relating to an identified or identifiable data subject, including: names, email addresses, photos, bank details, location data, IP addresses, and cookie identifiers.
What is a Data Controller? What is a Data Processor?
The GDPR divides organizations processing personal data into “data controllers” and “data processors.” A data controller determines the purposes and means of the data processing and tells the processor what to do with the data. A data processor processes personal data on behalf of the controller pursuant to the controller’s instructions. Data controllers must comply with the GDPR’s principles, including transparency and lawfulness of the processing. Data processors must act pursuant to the controller’s instructions, secure the data, and help data controllers comply with the GDPR.
Bigala Cloud is a data processor when it acts as a service provider to our customers who use our data hosting and storage services. Our customers are data controllers for the data they maintain in our data centers since they decide what data we process and restrict our use of it. Our Data Processing Addendum (“DPA”) to our customer agreements sets forth our responsibilities and obligations as a data processor as well as responsibilities and obligations of our customers.
Does Bigala Cloud have a DPA?
Yes, we have posted our DPA on the Bigala Cloud website. Our DPA sets forth our responsibilities and obligations as a data processor, including to:
Will Bigala Cloud be compliant with the GDPR by May 25?
Bigala Cloud is committed to the core principles of the GDPR. We are committed to using personal data responsibly and protecting it with advanced technologies and robust internal policies and practices. We are aligning our privacy program, including our business practices, processes, and policies, to help us meet our obligations. We have engaged world-class leaders in the field of data privacy and protection to lead this effort alongside our own team.
What are some of the core obligations that Bigala Cloud has as a data processor and what is Bigala Cloud doing to comply?
As a global provider of data-driven services, we are integrating global privacy requirements, including EU data protection requirements, into our business practices.
What personal data does Bigala Cloud process?
As a hosting service, we process, on behalf of our customers, personal data contained in any files, applications or content uploaded to our systems by Bigala Cloud customers or their end users. Our customers determine what personal data is hosted by Bigala Cloud.
Is Bigala Cloud allowed to transfer personal data from the EU to other countries as part of offering the service?
Yes. As part of our service offering and to meet our contractual obligations, we transfer personal data from the EU and Switzerland to the United States under our EU and Swiss Privacy Shield certifications. Our customers select the country where personal data is stored.