Managed Services & the General Data Protection Regulation (GDPR)

What is GDPR?

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC. It is designed to:

  • Harmonize data privacy laws across Europe.
  • Protect and empower all EU citizens' data privacy.
  • Reshape the way organizations across the region approach data privacy.

It affects any business holding personal data relating to a living individual (which could be customers, prospects or employees) based within the EU. If organizations neglect to comply with the new GDPR, they can be fined up to €20m or 4% of their global annual turnover. It is therefore vital that organizations are compliant with the new regulation.

What does this mean for Valiantys managed services customers?

GDPR imposes stricter regulations on data security. Equal liability is now placed upon the organization controlling and using the data and the managed service provider who processes the data.

This means that while it is the responsibility of an organization controlling the data to ensure they meet GDPR requirements, Managed Services Providers (such as Valiantys) also need to enhance their services to be able to offer additional technical and organizational safeguards. It is the responsibility of the organization controlling the data to ensure Managed Services Providers processing the data are able to supply services to meet the GDPR.

We understand that the GDPR is a big change for our clients. These new regulations will have varying impacts depending on your sector and industry. For many of Valiantys' customers, the software solutions we provide them will hold data which they need to access in order to prove their compliance with the GDPR regulations. How customers use the data in their systems will determine how GDPR affects them, and in turn the measures they need to take to prepare.

What is Valiantys doing about GDPR?

Following a previous Security Audit conducted by a neutral third-party company, we implemented a large number of security measures in our network that aid your compliance with the GDPR. This means that how we handle your data conforms to the regulations. However, to ensure full compliancy, you must ensure that data within your organization is handled properly to adhere to the GDPR.

For our customers that use our Managed Hosting Service, we have committed to providing the additional security services that your journey to compliancy requires, specifically around core articles defined in the GDPR. We protect your environment, software and data against threats, whilst addressing regulatory needs. Application-aware firewalls are deployed with continually updated signatures to protect applications and data. Encryption of data at rest (as an option) and in transit ensures that data is not readable, in case the worst was to happen.

Now that we have updated our service, our handling of your data through our Managed Hosting Service is fully compliant with the GDPR. To ensure full compliancy, however, you must also review your handling of PII data in-house. Our expert consultants can support you with this.

Is Valiantys' infrastructure GDPR-compliant?

As advertised in a post on the AWS blog, all AWS Services are GDPR ready. During the AWS GDPR service readiness audit, AWS security and compliance experts confirmed that AWS has in place effective technical and organizational measures for data processors to secure personal data in accordance with the GDPR.

Valiantys has already implemented its own security measures to enable you to comply with the GDPR, including specific measures such as:

  • Encryption of personal data
  • Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
  • Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  • Processes for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring processing security

How does Atlassian support GDPR compliance efforts for Server and Data Center customers?

When you use Atlassian Server and Data Center products, Atlassian provides those products in a downloadable format. Atlassian does not access, collect, store or otherwise process personal data in connection with providing those downloadable products to Server and Data Center customers, except in limited cases where such data is provided for incidental support services. Atlassian may access analytics events associated with your technical use of the products, but only where permitted by your administrator. Such information is filtered to exclude any personal data prior to the analytics leaving your environment. For more information on the analytics collected through Atlassian downloadable products, please see their Privacy Policy.

Because Atlassian does not access, collect, store, handle or otherwise process personal data in connection with providing their Server products to customers, GDPR-specific obligations do not attach to Atlassian by virtue of providing customers a Server or Data Center version of their products. However, they appreciate that their customers may have GDPR-specific obligations regarding the access, modification and deletion of personal data processed using Atlassian Server and Data Center products. They have prepared a Guide to Server and Data Center GDPR Support to assist customers in this area.

How to report an incident or problem related to the GDPR?

In case you encounter issues with privacy or problems related to the GDPR, a dedicated form has been created on our customer portal. You will have to log in to http://support-portal.valiantys.com and raise a ticket through the "Privacy or information security enquiry" form.

You can also reach our Data Protection Officer (DPO) using this dedicated email address: dpo-gdpr@valiantys.com

Find out more

For more information on how we can help you on your journey to compliancy, please contact your Account Manager.