What is the GDPR?
The General Data Protection Regulation (GDPR) is a law that was passed by the European Union to go into effect on May 25, 2018. This law is intended to protect the rights of EU citizens (defined as natural persons) to control what is done with Personally Identifiable Information (PII) that is used or stored by organizations. The GDPR defines organizations' responsibilities for handling individuals' data, as well as steep penalties for non-compliance. While this law was passed and is enforceable in the EU, it will also be enforceable in the United States via international trade agreements and laws.
Issuetrak has reviewed its data collection and maintenance procedures as they relate to the GDPR. This article provides a breakdown of how the GDPR applies to us, the measures we have taken, and the measures we will take in the pursuit of compliance with the GDPR.
What has Issuetrak done to prepare for the GDPR going into effect?
- Updated Cloud Hosting Service Agreement
- Updated Business Associate Agreement
- GDPR Data Processing Addendum
- Published Subprocessors Used by Issuetrak
- Upcoming Product Changes
- Added Cookie Opt-in on our website
- Ongoing Commitment to data security
How can I contact Issuetrak with concerns about privacy or security?
You can email email@example.com with questions or concerns about Issuetrak's handling of personal information.
Why does the GDPR apply to Issuetrak?
The GDPR applies to Issuetrak because we have business relationships in the EU. By extension, we handle limited information concerning the EU citizens we correspond with as a matter of course for our business relationships.
How does the GDPR define an organization like Issuetrak?
The GDPR defines the responsibilities of organizations based on their role in collection and usage of information. The roles are defined as:
- Data Controller – Who owns the data and determines what is done with it.
- Data Processor – Who hosts or stores the data and determines the mechanisms allowing access to it.
- Subprocessor – An organization engaged in processing a subset of information processed by the Data Processor.
As a cloud hosting provider, Issuetrak is classified as a Data Processor.
As an organization that collects information on potential sales leads, marketing data, and customers, Issuetrak is classified as a Data Controller.
Does Issuetrak have a Data Protection Officer (DPO)?
No. This is because Issuetrak is not considered a public authority, nor does it conduct large-scale monitoring of individuals or processing of large amounts of personal data, and thus does not meet the required criteria for needing a Data Protection Officer.
I'm a Cloud customer. What will you do if you receive an information request concerning information that's stored in my site?
I'm a Cloud customer and I have received a data subject request related to GDPR. What should I do?
If you need assistance complying with this request, don't hesitate to contact Issuetrak's Cloud Services team via firstname.lastname@example.org.
What will Issuetrak do if it receives a legal request for data?
We may be compelled to comply with a court order or other legal requirement to disclose personal information. Additionally, if we discover that our services have been misused for the purpose of committing unlawful or legally objectionable acts, we may contact the appropriate legal authorities to share the appropriate information with them to the extent necessary to assist them with an investigation.
What will you do in the event of a breach concerning my Cloud data?
We will notify you within one business day of discovering the breach. We'll let you know what information was breached, the impact of the breach, preventive measures to ensure it doesn't happen again, and who to contact at Issuetrak for more information.