General Data Protection Regulation (GDPR) FAQ
What is the GDPR?
The GDPR is the European Union’s new, comprehensive privacy and data protection law that will take effect on May 25, 2018. The primary aim of the GDPR is to regulate how the personal data of EU residents is processed – even by businesses that have no physical or legal presence in the EU.
How is Agile Transformation Inc. complying with GDPR?
Agile Transformation, Inc. (“ATI”) is taking the necessary steps to ensure that it is in compliance with the GDPR.
According to Article 28 of the GDPR, data processors must act only upon the documented instructions of the data controller unless otherwise required by law. This, however, does not relieve ATI of any of its obligations or liabilities under the GDPR. ATI will be required to ensure that it is in compliance with the GDPR.
ATI will work with customers and partners to incorporate Data Processing Addendums (“DPAs”) to customer contracts, where necessary for GDPR compliance. Signing a DPA amends the terms of service between ATI and such customers to reflect obligations of the parties under the GDPR. DPA terms will incorporate Standard Contractual Clauses approved by the European Commission to ensure sufficient safeguards are in place for data transferred internationally outside the European Economic Area (“EEA”).
As the GDPR law develops further or is amended, ATI will continue to adapt and ensure compliance as needed for its customers and partners so ATI can continue providing the services you need for your agile work environment.
Who is ATI’s Data Protection Officer (DPO)?
ATI’s DPO is: Jim Schraepfer, CISA, CISSP, CCSP
Email address: [email protected]
In accordance with Article 38 of the GDPR, members of the public may contact the DPO with regard to issues related to processing of their personal data and to exercise their rights under the GDPR – for example, to object to the processing of their data in cases where the data controller (i.e., ATI’s customer) does not provide an adequate response.