General Data Protection Regulation (EU GDPR)
General Data Protection Regulation
General Data Protection Regulation (EU GDPR)
The European Union General Data Protection Regulation (EU GDPR) aims to regulate the collection, processing, storage, deletion, transfer, and use of personal data of EU residents. Any company handling EU personal data will have to comply with the new rules. Although we do not process any personal sensitive data, we are still obligated to comply with the regulation to ensure your data entrusted to Cetbix is secured.
We do not provide legal advice and this content is not intended to provide, and should not be considered as legal advice. On 25 May 2018, the European data protection legislation was enforced (European Union’s (EU’s) General Data Protection Regulation (GDPR)) and has replaced the 1995 European Union Data Protection Directive.
This new policy aims to put EU residents in control of their personal and sensitive data. The GDPR regulates how data is collected, processed, stored, deleted, transferred, and used. As a data processor, we are committed to maintaining the privacy and confidentiality of your company data entrusted to us. Your data is encrypted at rest and during transmission. We have also implemented several security controls to protect data and the physical locations in which it is hosted. All data is kept in Germany - location facilities maintain ISO 27001 certifications.
To enhance our security measures, a state of the art automation tool has been built to ensure system integrity at the application level.
CERTIFICATIONS AND COMPLIANCE
As a data processor, Cetbix is committed to maintaining the confidentiality, integrity and the privacy of the data entrusted to us. We have a documented Information Security Program describing how technical and administrative security controls are implemented to protect data and the physical locations in which it is hosted. Data is kept in European co-location facilities maintain ISO 27001 certifications. Access controls mechanisms are established for physical and logical access to the facilities and the infrastructure hosting the services.
All physical and logical access is logged and analyzed for inappropriate access. Physical security controls for the facilities hosting the services include 24x7 on-site security, local and remote security and environmental monitoring, and redundant power and environmental controls. We have built a state of the art automation tools, designed to ensure system integrity at the application level.
A highly trained team of security professionals is responsible for documenting and deploying security controls. A separate team is responsible for performing Continuous Monitoring to ensure that these controls remain effective and in-place. The infrastructure hosting the SaaS services is actively monitored with agents collecting hundreds of metrics specific to hardware, networking, and the OS. These metrics are compared against well-established baselines. Alerts are automatically generated when thresholds are crossed and escalation schemes are systematically enforced so that potential issues are addressed in a timely manner. Operations personnel are available 24 hours a day, 7 days a week to respond to any infrastructure issues.
DATA PROCESSING AGREEMENTS / MODEL CLAUSES (SCCs)
Cetbix enters into GDPR data processing agreements, which incorporate the 1995 EU Data Protection Directive’s Standard Contractual Clauses(also known as Model Clauses), with customers.
OUR COMMITMENT
The Cetbix is committed to providing GDPR compliant services to our customers. Our product is designed with data security in mind and already have many GDPR compliant features built in.
For collecting data covered by The General Data Protection Regulation (GDPR) the Data Controller is Steven Furnell.
Please read the following privacy: