General Data Protection Regulation (GDPR)
The General Data Protection Regulation or GDPR is a European Union regulation that is aimed at protecting personal data of EU citizens. It replaces the existing Data Protection Directive 95/46/EC and comes into effect on May 25, 2018. GDPR consolidates the data privacy laws across the EU region into one single regulation.
Any company, be it EU or non-EU based, which processes personal data of EU individuals comes under the scope of GDPR. For more details on the EU's GDPR, visit: https://gdpr.eu/
Important terms in GDPR:
- Personal data - The GDPR defines personal data as "Any information related to a natural person or 'Data Subject', that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address."
- Data processor and a data controller - According to the GDPR, "A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller."
IDrive® e2 's responsibilities under GDPR:
IDrive® e2 is committed to ensuring that our company and solutions meet the highest standards of data security and privacy, including compliance with the European Union's GDPR. IDrive® e2 already assists clients in meeting their compliance obligations under HIPAA, SOX, GLBA, SEC / FINRA. IDrive is also a self-certified company for compliance with the EU-US Privacy Shield Framework (https://www.idrive.com/dpa & https://www.idrive.com/e2/privacy_policy)
As part of GDPR compliance, IDrive® e2 will provide the following features:
- All necessary technical measures to ensure personal data is protected.
- All data transferred to IDrive® e2 is encrypted during transit and at rest, and is not processed by IDrive® e2 for any purpose other than as agreed upon in our terms and conditions.
- Protect data from loss.
Data Selection, Retrieval and Removal:
- Allow exclusion of files from backup.
- Allow users to remove their files from backups.
- Allowing for robust data recovery with availability of data versioning.
- Provide tools to recover data.
- Timely data-breach notifications to customers.
Right To Erasure
This is the right to have all personal data removed from our systems upon request. To exercise this right; please contact our support team to begin the process of verification and data removal.
Data Processing Addendum ("DPA") forms part of IDrive® e2 Inc.'s Terms of Service Agreement or other electronic agreements or mutually executed agreement between IDrive® e2 and Customer ("you" and "your") applicable to Customer's use of IDrive® e2 Services (the "Agreement") and reflects the Parties' agreement with regard to Processing Customer Personal Data.
Customer's responsibilities under GDPR:
IDrive® e2 strives to be a valuable resource and provide support to our valued partners and clients to help them achieve their own compliance with the GDPR. Compliance is your responsibility. Your obligations as the business customer and the data controller, have specific legal obligations under the GDPR. You should be confident that any providers (data processors) which you work with, have a highly robust approach to data protection, understand the obligations of the GDPR and are well prepared to meet them.
IDrive® e2 provides features you can use to meet your obligations under GDPR, but no provider can ensure GDPR compliance for you, nor can we dictate how or if you choose to be compliant.