There is no doubt that the General Data Protection Regulation (GDPR) is going to impact everyone in the data industry, Webbula included. As we approach May 25th, our passion for “Truth in Data” remains as strong as it has ever been during the last decade, and our commitment to industry-leading data quality is stronger than ever. All of us at Webbula are excited about the changes that GDPR brings and the opportunity it presents for us to continue providing superior data solutions for our customers.
Let’s take a quick look at what GDPR is and what Webbula is already implementing.
The GDPR is the European Union’s new, comprehensive privacy and data protection law that will take effect on May 25, 2018. The primary aim of the GDPR is to regulate how the personal data of EU residents are processed – even by businesses that have no physical or legal presence in the EU. Organizations can face hefty fines for non-compliance: up to €20 million or 4 percent of annual global revenue, whichever is higher.
Webbula’s Commitment to GDPR
What is Webbula doing to ensure that it is compliant with the GDPR?
Webbula is currently re-papering vendor contracts and working with vendors to ensure they are compliant.
Webbula is continuing to review its security measures, as we always do, to stay at the forefront of evolving industry standards and best practices.
We have appointed a representative in the EU and are in the process of delivering a new Data Processing Addendum (where applicable), all of which will ensure we’re satisfying the subcontracting obligations of a data processor under the law.
There is not yet any kind of recognized GDPR certification scheme. Webbula is taking the necessary steps to ensure that it is in compliance with the GDPR.
When appropriate, Webbula will offer customers and partners a new GDPR Data Processing Addendum (“DPA”). Signing the DPA amends our standard terms of service and Master Services Agreement (“MSA”) to reflect obligations required under the GDPR. This is the instrument that you can rely on to have certainty that Webbula will comply with the GDPR.
Am I a data controller? Is Webbula a data processor?
Typically, a Webbula customer will be considered a data controller (i.e., an organization that determines the purposes and means of the processing of personal data), and Webbula will be considered both a data controller and a data processor under the law. Controllers and processors each have their own respective obligations under the law. Therefore, Webbula’s GDPR compliance plan looks a bit different from that of many of our customers. This doesn’t mean Webbula can’t be used by data controllers – quite the opposite. When a data controller engages a service provider like Webbula, the service provider is typically a data processor acting on behalf of the controller, and the processor acts at the behest of the controller. As stated above, Webbula’s DPA will govern the relationship, and the nature of the processing activities, as between Webbula and its customers, regardless of which entity plays which role.
To learn more about Webbula’s GDPR Compliance, please check out our new GDPR page at http://jake.webbula.com/resources/webbula-gdpr/
Here are a few other links you may find helpful: