What is the GDPR?
The General Data Protection Regulation (GDPR) is a new European privacy law that goes into effect on May 25, 2018. It creates consistent data protection rules across Europe. It applies to all companies that process personal data about individuals in the EU, regardless of where the company is based. Processing is defined broadly and refers to anything related to personal data, including how a company handles and manages data, such as collecting, storing, using and destroying data.
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information which, collected together, can lead to the identification of a particular person also constitute personal data.
Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the law.
Who is Affected
Any company holding a person’s data that is moving across EU jurisdictions will be affected, even if the company is not located in Europe.
GDPR introduces extensive and all-inclusive changes to data privacy for anyone in the EU (from citizens to visitors and immigrants) and for any company that retains EU customer data.
Non-EU companies will be a special target for higher fines.
What is Jelastic's role under GDPR?
We act as both a data processor and a data controller under the GDPR.
Jelastic as a data controller: We act as a data controller for the EU customer information we collect to provide our products and services and to provide timely customer support. This customer information includes things such as customer name and contact information.
Jelastic as a data processor: When we receive EU personal data from our partners, we act as a data processor.
What have we done to comply with GDPR?
- developed and implemented a legal scheme for GDPR compliance and related documents;
- analyzed the Data Processing Flow and reduced the number of staff roles with access to personal data, and the scope of such data;
- instructed and trained personnel and sub-processors on GDPR and other security cases;
- forced the release of security-related features in Jelastic 5.4 “Shield” (Advanced Firewall Management, Network Isolation);
- appointed a DPO.
What personal data do we collect and store from our customers?
We may collect and store personal information such as email address, phone number and IP address when customers sign up for our products and services or seek support. We may also collect contact information in order to provide additional information or educational materials.
Do we transfer data internationally?
The GDPR replicates the Data Protection Directive restrictions on transferring data outside the EU and prohibits the export of personal data outside of the EU to non-EU recipients unless the export meets certain criteria.
We have a company, Jelastic S.L., in Spain, EU; personal data can be transferred to our companies in the USA and Ukraine. We signed Contractual Clauses with them to implement the appropriate safeguards referred to in Article 46 of the GDPR.
How do we handle GDPR related instructions from customers?
In accordance with GDPR, data subjects have a set of rights, such as the right to ask for incorrect, inaccurate or incomplete personal data to be corrected, to receive personal data in a machine-readable format and send it to another controller (‘data portability’), to object to the processing of personal data for marketing purposes, to request that personal data be erased (‘right to be forgotten’), and so on.
To support the exercise of these rights and the provision of any necessary information, we created a page, Manage Your Personal Data, within Jelastic with the appropriate request forms.