The General Data Protection Regulation (GDPR), effective May 25, 2018, is a European privacy law that imposes significant new requirements on any company or entity that handles, stores, collects, processes, uses or analyzes any personal data of residents of the European Union (EU). It gives EU residents greater control over the data that companies have about them, and it creates heightened security, disclosure, access and notification obligations for any business that interacts with EU residents.
Intermedia has extensive expertise managing a highly secure infrastructure and complying with complex regulations. We currently self-certify compliance with the EU-US Privacy Shield framework (access our Privacy Shield Notice here) and are committed to complying with the GDPR across our services. Intermedia maintains a security environment that meets the requirements of the GDPR, and we offer GDPR-compliant Data Processing Addendums to our partners and customers to help assure them that our processing and handling of their data will meet the GDPR’s standards. Ultimately, every business needs to carefully assess its own business activities and its compliance with the GDPR, but we can help by managing GDPR compliance on the services we provide.
The GDPR is complex, but the following is a high-level summary of its key elements:
The GDPR applies to any “personal data” of an EU resident. “Personal data” consists of any information that can be used to identify a person. In some cases, it’s easy to identify “personal data” – for example, an email address, taxpayer or employee ID number, or a person’s name accompanied by a work or home address. However, “personal data” may also include less obvious types of information, such as a person’s biometric data, location information and/or IP address. It is very broadly defined.
The GDPR states that data controllers (such as Intermedia’s customers) may only use data processors that provide sufficient guarantees to meet key requirements of the GDPR. Intermedia meets that requirement, and we are pleased to offer a Data Processing Addendum to any Intermedia partner or customer. That addendum contains contractual commitments to comply with the GDPR, as well as the other commitments described below. Please contact your Intermedia account representative for assistance putting a Data Processing Addendum in place.
Intermedia’s Data Processing Addendum includes a number of commitments on the part of Intermedia, in its capacity as a processor of EU residents’ data, to comply with the GDPR. The GDPR requires that processors such as Intermedia commit to:
No! The GDPR is a far-reaching privacy law that touches any business that handles any personal data of EU residents. Intermedia can definitely help you comply with the GDPR by fulfilling our obligations as a processor of any data that you, your customers and your users submit to Intermedia in connection with the services we provide. But there are a number of other actions you should be considering, such as:
GDPR compliance obviously requires a very detailed and business-specific analysis. Intermedia provides GDPR-related assurances regarding the services we provide. Most companies that, directly or indirectly, have contacts or dealings with the EU are working with outside legal and compliance advisors to help them understand how the law applies to their own business and what they need to do to comply. If you have any questions, Intermedia is happy to point you to additional resources that may help you look into these issues.