How can we help you?

General Data Protection Regulation (GDPR)

What is the GDPR?

The GDPR is the European Union’s new, comprehensive privacy and data protection law which took effect on May 25, 2018. The primary aim of the GDPR is to regulate how the personal data of EU residents is processed – even by businesses that have no physical or legal presence in the EU.

How is Agile Transformation Inc. complying with GDPR?

Agile Transformation, Inc. (“ATI”) took the necessary steps to ensure that it is in compliance with the GDPR.

ATI offers a new Privacy Policy that replaced our prior policy. The new Privacy Policy isn’t dramatically different from our previous Privacy Policy, but it does address GDPR-specific concepts. The new Privacy Policy defined the general terms by which ATI, as a data processor, processes data on behalf of its customers (who are typically data controllers) in accordance with Article 28 of the GDPR.

According to Article 28 of the GDPR, data processors must act only upon the documented instructions of the data controller unless otherwise required by law. This, however, does not relieve ATI of any of its obligations or liabilities under the GDPR. ATI is required to ensure that it is in compliance with the GDPR.

ATI is working with customers and partners to incorporate Data Processing Addendums (“DPAs”) to customer contracts, where necessary for GDPR compliance. Signing a DPA amends the terms of service between ATI and such customers to reflect obligations of the parties under the GDPR. DPA terms will incorporate Standard Contractual Clauses approved by the European Commission to ensure sufficient safeguards are in place for data transferred internationally outside the European Economic Area (“EEA”).

As the GDPR law develops further or is amended, ATI will continue to adapt and ensure compliance as needed for its customers and partners so ATI can continue providing the services you need for your agile work environment.

Who is ATI’s Data Protection Officer (DPO)?

ATI’s DPO is: Jim Schraepfer, CISA, CISSP, CCSP
Email address:

In accordance with Article 38 of the GDPR, members of the public may contact the DPO with regard to issues related to processing of their personal data and to exercise their rights under the GDPR – for example, to object to the processing of their data in cases where the data controller (i.e., ATI’s customer) does not provide an adequate response.

Was this article helpful?
0 out of 0 found this helpful
    Download article


Please sign in to leave a comment.