What is Webbula doing to ensure that it is compliant with the GDPR?
Webbula is currently re-papering vendor contracts and working with vendors to ensure they are compliant. Webbula is continuing to review its security measures, as we always do, to stay at the forefront of evolving industry standards and best practices. We have appointed a representative in the EU and an expert Data Protection Officer and are in the process of delivering a new Data Processing Addendum, all of which will ensure we’re satisfying the subcontracting obligations of a data processor under the law.
So Webbula will be compliant with the GDPR. Does that mean that I’m automatically compliant too? If not, where can I learn more about my own obligations?
Each organization that processes personal data, and that’s regulated by the GDPR, will face its own obligations to comply with the GDPR. While using a GDPR-compliant service like the ones Webbula offers can make it easier to comply, much of how you collect, use, and dispose of personal data is not determined by Webbula. Thus, each organization should get its own professional guidance on the topic to help ensure compliance. Here are some resources from the UK Information Commissioner’s Office:
Am I a data controller? Is Webbula a data processor?
Typically, a Webbula customer will be considered as a data controller (i.e., an organization that determines the purposes and means of the processing of personal data) and Webbula will be considered both a data controller and data processor under the law. Controllers and processors each have their own respective obligations under the law. Therefore, Webbula’s GDPR compliance plan looks a bit different from that of many of our customers. This doesn’t mean Webbula can’t be used by data controllers – quite the opposite. When a data controller engages a service provider like Webbula, the service provider is typically a data processor acting on behalf of the controller, and the processor acts at the behest of the controller. As stated above, Webbula’s DPA will govern the relationship, and the nature of the processing activities, as between Webbula and its customers, regardless of which entity plays which role.