Effective May 25, 2018, the General Data Protection Regulation (GDPR) is a European privacy law that imposes significant new requirements on any company or entity that handles, stores, collects, processes, uses or analyzes any personal data of individuals located in the European Union (EU). It gives these individuals greater control over the data that companies have about them, and it creates heightened security, disclosure, access and notification obligations on any business that uses personal data of individuals located in the EU.
Intermedia has extensive expertise managing a highly secure infrastructure and complying with complex regulations. We currently self-certify compliance with the EU-US Privacy Shield framework (access our Privacy Shield Notice here) and are committed to complying with the GDPR across our services. Intermedia maintains a security environment that meets the requirements of the GDPR, and we offer GDPR-compliant Data Processing Addendums (DPAs) to our partners and customers to help assure them that our processing and handling of their data will meet the GDPR’s standards. Ultimately, every business needs to carefully assess its own business activities and its compliance with the GDPR, but we can help by managing GDPR compliance on the services we provide.
The GDPR is complex, but the following is a high-level summary of its key elements:
The GDPR applies to any personal data of individuals located in the EU. “Personal data” consists of any information that can be used to identify a person. In some cases, it’s easy to identify personal data as it directly identifies a specific individual – for example, an email address, taxpayer or employee ID number, or a person’s name. However, personal data may also include less obvious types of information such as a person’s credit card number, location information and/or IP address. It can also include indirectly identifying information (such as age or postal code) that is used in combination with directly identifiable information. It is very broadly defined.
The GDPR states that data controllers (such as Intermedia’s customers) may only use data processors that provide sufficient guarantees that meet key requirements of the GDPR. Intermedia meets that requirement, and we are pleased to offer a Data Processing Addendum (DPA) to any Intermedia partner or customer. Our DPA contains contractual commitments to comply with the GDPR, as well as the other commitments described below. Please contact your Intermedia account representative for assistance putting a DPA in place.
Intermedia’s DPA includes a number of commitments on the part of Intermedia, in its capacity as a processor of personal data of individuals located in the EU, to comply with the GDPR. The GDPR requires that processors such as Intermedia commit to:
No! The GDPR is a far-reaching privacy law that touches any business that handles any personal data of individuals within the EU. Intermedia can help support your GDPR compliance efforts by fulfilling our obligations as a processor of any personal data that you, your customers and your users submit to Intermedia in connection with the services we provide. However, there are a number of other actions you should be considering, such as:
GDPR compliance requires a very detailed and business-specific analysis. Intermedia provides GDPR-related assurances regarding the services we provide. Most companies that, directly or indirectly, have contacts or dealings with the EU are working with outside legal and compliance advisors to help them understand how the law applies to their own business and what they need to do to comply. Intermedia strongly recommends that, if you have any questions regarding GDPR compliance for your own business, you seek the advice of your legal advisors.