The General Data Protection Regulation (GDPR) is a new European data protection regulation adopted by the EU Commission. It replaces the EU Data Protection Directive, also known as Directive 95/46/EC. The GDPR becomes effective on May 25, 2018 and will strengthen the security of, and regulate, personal data in the broadest sense. The GDPR applies to both individuals and businesses and regulates the way in which personal data of citizens in the European Union should be handled.
We would like to provide you with answers to some of the questions that we hear from our customers. We also want to provide an update on what RavenHQ has done to ensure that we will be ready for GDPR and what services we offer to our customers to help them meet their compliance obligations.
FAQs about the upcoming General Data Protection Regulation (GDPR)
Does RavenHQ comply with GDPR with regard to the data of RavenHQ customers?
When it comes to customer data, is RavenHQ a controller or processor?
Under the GDPR, a “controller” determines why and how personal data is processed. A “processor” processes personal data on behalf of the controller. RavenHQ has limited knowledge of the data that each customer processes via the hosting infrastructure (“Customer Data”). Also, RavenHQ only processes Customer Data in accordance with the customer’s instructions. Therefore, RavenHQ is a processor of Customer Data hosted at RavenHQ; the customer is a controller.
Will GDPR change the way RavenHQ treats customer data?
RavenHQ continues to treat customer data with the required level of sensitivity and confidentiality. RavenHQ will continue to invest in the security of its customer solutions to ensure it remains compliant with applicable legislation.
With the new GDPR, can an EU customer continue to host personal data outside of the EU/EEA?
Provided certain legal mechanisms are in place, EU customers can host personal data outside of the EU. Personal data may be transferred outside of the EU and the EEA when an adequate level of protection for that data is guaranteed.
Won’t I be in breach of the data protection laws if RavenHQ transfers my personal data outside the EU/EEA?
The current laws allow RavenHQ to process personal data and therefore support your services from outside the EEA if you have given us your consent, or if data is transferred to a non-EU jurisdiction deemed by the European Commission to offer an adequate level of protection for personal data, or if the transfer is subject to model contracts.
Can you keep my data in the EU only?
RavenHQ will not move your personal data into another jurisdiction without your consent, but sometimes we will need to provide you with support from outside the EU. Some data regarding your name, email address, and general account information may reside on servers that are based in the US, and you can always choose to host your databases within EU data centers. We comply at all times with applicable laws.
Can I sign a Data Processing Addendum (DPA) with RavenHQ?
Yes. Please submit a support ticket and we'll send you a copy of the DPA to sign.
If you have additional concerns or questions about GDPR compliance, feel free to contact us.