Q. Who does the GDPR affect?
A. The General Data Protection Regulation (GDPR) not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects.
Q. What are the penalties for non-compliance?
A. Organisations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million, whichever is higher. This is the maximum fine that can be imposed for the most serious infringements. It is important to note that these rules apply to both controllers and processors -- meaning the GDPR subjects data processors to direct liability in certain circumstances, for example in relation to a data security breach and joint liability to data subjects where the data controller is at fault.
Q. What constitutes personal data?
A. Any information related to a person , that can be used to directly or indirectly identify that person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Q. Is BitBahn GDPR certified?
A. No organisation can be GDPR certified. GDPR isn’t a certification scheme, standard or framework that any organisation can certify against. GDPR is a regulation which, if in scope, organisations must comply with.
Q. How does BitBahn comply with GDPR?
A. Our customers choose to work with us because a fundamental pillar for the success of our business is our robust data privacy framework. It ensures compliance with current privacy and data protection laws and encourages a culture of best practice when it comes to handling data. At BitBahn we are currently compliant with the ePrivacy Directive (the Privacy and Electronic Communications (EC Directive) Regulations 2003, also known as PECR under English Law). While GDPR requires an additional layer of process and documentation surrounding data processing activities, because we have continuously invested in protecting customer data, our products and services are either already GDPR compliant or on track to be for the May 2018 deadline. BitBahn applies what we consider to be state of the art technology to secure the data that we hold on behalf of our customers. By further implementing detailed policies, procedures, and processes that are certified as compliant with the most rigorous industry accepted data security standards, we are fully committed to providing compliant, multi-jurisdictional, segregated and secure solutions for all our customers.
BitBahn is also aligned with multiple well-known certification schemes such as ISO27001 and PCI-DSS. Interoute is committed to adhering to these standards and applies robust technical, physical and cyber security controls.
Q. How does BitBahn carry out key technical aspects of GDPR, such as ‘privacy by design’ or data privacy impact assessments (DPIA)?
A. BitBahn carries out data privacy impact assessments on all aspects of its business, both internally and for products used by our customers. BitBahn applies privacy by design via governance processes such as architecture boards and as a key milestone at the beginning of every project.
Q. Can my solution or service from BitBahn be tailored for my organisation’s GDPR compliance needs?
A. Yes, BitBahn can tailor any bespoke service for our customers’ requirements and to meet GDPR. We have several cyber security offerings that can help our customers achieve a strong level of cyber security maturity, and with it, GDPR compliance.