The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC. It is designed to:
It affects any business holding personal data relating to a living individual (which could be customers, prospects or employees) based within the EU. Organizations that fail to comply with the GDPR can be fined up to €20m or 4% of their global annual turnover. It is therefore vital that organizations are compliant with the new regulation.
GDPR imposes stricter regulations on data security. Equal liability is now placed upon the organization controlling and using the data and the managed service provider who processes the data.
This means that while it is the responsibility of an organization controlling the data to ensure they meet GDPR requirements, Managed Services Providers (such as Valiantys) also need to enhance their services to be able to offer additional technical and organizational safeguards. It is the responsibility of the organization controlling the data to ensure Managed Services Providers processing the data are able to supply services to meet the GDPR.
We understand that the GDPR is a big change for our clients. These new regulations will have varying impacts depending on your sector and industry. For many of Valiantys' customers, the software solutions we provide them will hold data which they need to access in order to prove their compliance with the GDPR regulations. How customers use the data in their systems will determine how GDPR affects them, and in turn the measures they need to take to prepare.
Following a previous Security Audit conducted by a neutral third-party company, we implemented a large number of security measures in our network that aid your compliance with the GDPR. This means that how we handle your data conforms to the regulations. However, to ensure full compliancy, you must make sure that data within your organization is handled properly and in line with the GDPR.
For our customers who use our Managed Hosting Service, we have committed to providing the additional security services that your journey to compliancy requires, specifically around core articles defined in the GDPR. We protect your environment, software and data against threats, whilst addressing regulatory needs. Application-aware firewalls are deployed with continually updated signatures to protect applications and data. Encryption of data at rest (as an option) and in transit ensures that data is not readable, should the worst happen.
Now that we have updated our service, our handling of your data through our Managed Hosting Service is fully compliant with the GDPR. To ensure full compliancy, however, you must also review your in-house handling of PII. Our expert consultants can support you with this.
As advertised in a post on the AWS blog, all AWS services are GDPR ready. During the AWS GDPR service readiness audit, AWS security and compliance experts confirmed that AWS has in place effective technical and organizational measures for data processors to secure personal data in accordance with the GDPR.
Valiantys has already implemented its own security measures to enable you to comply with the GDPR, including specific measures such as:
Because Atlassian does not access, collect, store, handle or otherwise process personal data in connection with providing their Server products to customers, GDPR-specific obligations do not attach to Atlassian by virtue of providing customers a Server or Data Center version of their products. However, they appreciate that their customers may have GDPR-specific obligations regarding the access, modification and deletion of personal data processed using Atlassian Server and Data Center products. They have prepared a Guide to Server and Data Center GDPR Support to assist customers in this area.
If you encounter issues with privacy or problems related to the GDPR, a dedicated form is available on our customer portal. Log in to http://support-portal.valiantys.com and raise a ticket through the "Privacy or information security enquiry" form.
You can also reach our Data Protection Officer (DPO) using this dedicated email address: email@example.com
For more information on how we can help you on your journey to compliancy, please contact your Account Manager.