GDPR stands for General Data Protection Regulation. It is the core of Europe's digital privacy legislation. Put simply, GDPR refers to the European Commission’s method of ensuring the security of its citizens’ personal data by regulating privacy guidelines regarding the processing of EU personal data.
Who does GDPR affect?
GDPR affects any service or activity that collects, stores, or processes any personal data of EU residents. As per the GDPR, EU personal data refers to any data that can directly or indirectly be used to identify an EU resident, such as name, address, and IP address.
Does GDPR require that EU personal data stay in the EU?
No, GDPR does not require that EU personal data stay in the EU. GDPR’s reach is global and it protects the personal data of its citizens regardless of where the data is collected, stored, or processed.
How does GDPR apply to IE.Solutions?
As per the GDPR, IE.Solutions plays two roles in operating your data:
IE.Solutions’ first role is that of a Data Controller. As a company, we require some information from our customers upon sign up, such as name and email address. This information makes us the Data Controllers.
The second role we serve at IE.Solutions is Data Processors. When you, our customer, use IE.Solutions to collect and store your data, this makes you the Data Controllers and us, IE.Solutions, the Processors of your data.
What steps have we taken to become GDPR compliant?
In many ways, our preexisting practices and policies enabled us to align with the requirements of GDPR without major changes. While we use sub-processors for certain activities, such as email delivery and data center hosting via AWS, IE.Solutions does not and has never shared customer application data with any 3rd parties.
We are and have always been committed to transparency with regards to our control environment and privacy practices. IE.Solutions has always committed and now reinforces our commitment to informing our customers of any suspected or actual data breaches expeditiously.
Additionally, we have taken the following steps towards GDPR compliance:
We compiled and maintain accurate data inventory of our 3rd party vendors, or sub-processors as per the GDPR, with whom we share data and we have published our sub-processor list below.
We created a GDPR-aligned Customer Data Processing Agreement.
We created, documented, and implemented a Right to be Forgotten process.
What steps should customers take to be compliant with the requirements of GDPR?
As in all other areas of data security, the privacy and protection of customer data is a partnership between the customer and IE.Solutions. Customers can read up about the new regulations and guidelines of GDPR to learn how it may affect them and their university. Customers can consult their legal services to determine if any changes need to be made in regard to how they collect and store data on IE.Solutions.
In addition to strengthening our strictest privacy policies and procedures for GDPR compliance, we have updated our Data Processing Addendum to include additional provisions which can assist customers with their GDPR compliance.
At IE.Solutions, we view GDPR as an opportunity to strengthen our already vigorous security initiative which follows strictest industry-standard policies and procedures for maximum protection of our customers’ data. Customers can learn more about our security initiative in its entirety in our Trust Center.