Passed in 2016, the new General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. The GDPR, which becomes enforceable on May 25, 2018, seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive as well as all the local laws relating to it.
We support the GDPR and will ensure all DigitalOcean services comply with its ordinances by May 2018. Not only is it an important step in protecting the fundamental right of privacy for European citizens, it also raises the bar for data protection, security and compliance in the industry.
What is GDPR?
The General Data Protection Regulation (GDPR) is a new European privacy law due to replace the existing EU Data Protection Directive on May 25, 2018. It is intended to enhance and harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state.
Who Does GDPR apply to?
The GDPR applies to all organizations operating in the EU or processing "personal data" of EU residents. It defines personal data as any information relating to an identified or identified natural person.
What Happens to Current EU Data Protection Laws after GDPR comes into effect?
On May 25, 2018, the GDPR will replace the existing EU Data Protection Directive. At that time, the existing Data Protection Directive, and the laws relating to it, will no longer apply.
What has DigitalOcean been doing to prepare for GDPR?
DigitalOcean is working hard to prepare for the GDPR. All DigitalOcean services will comply with the GDPR when it becomes enforceable in May 2018 and we are working closely with customers to help them prepare.
By May 2018, we will make available to all DigitalOcean customers an updated Data Processing Agreement (GDPR DPA) that will meet the requirements of the GDPR. For additional information on the GDPR DPA, or to obtain a copy, please contact the DigitalOcean Support team or your Customer Success Manager.
What changes will the GDPR introduce to organizations operating in the EU?
One of the primary goals of the GDPR is to create consistency across EU member states on how personal data can be processed, used, and exchanged securely. Organizations will need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis. This can be achieved by implementing and regularly reviewing robust technical and organizational measures, as well as compliance policies.
What can customers do to prepare?
We encourage all customers and partners to start preparing for the GDPR now. If you already have robust compliance, security, and data privacy practices in place, your move to GDPR should be simple. For those who are just starting, we urge you to start reviewing your security, compliance, and data protection processes now.
Want More Information About EU Data Protection in the DigitalOcean Cloud? Contact us.