Enforceable from 25 May 2018, GDPR is a new EU regulation which has been designed to update the existing Data Protection Directive. Enacted in 1995, the existing directive was established before the days of widespread internet use, which has fundamentally changed the way we create, use, share, and store information. Alongside the aim of updating data protection, GDPR is also aimed at unifying approaches to data privacy and security. Being a directive, the existing framework had, by its nature, the flexibility to be implemented by EU member states as they saw fit, resulting in quite different approaches to data protection across Europe. GDPR is a regulation and as such must be followed much more rigidly – and, indeed, not just by companies based in Europe. At the core of GDPR is the aim to simplify, unify and update the protection of personal data.
We support the GDPR and will ensure all Instant Dedicated services comply with its provisions by May 25, 2018. Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens, it also raises the bar for data protection, security and compliance in the industry.
Who does the GDPR apply to?
The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether based in the EU or not, that process the personal data of EU individuals. The GDPR defines personal data as any information relating to an identified or identifiable natural person. This is a broad definition, and includes data that is obviously personal (such as an individual’s name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual’s IP address).
Does the GDPR apply to an individual developer?
Yes, if the individual developer is an actual customer of Instant Dedicated and they are processing the personal data of EU individuals when using our products and/or services.
What is Instant Dedicated’s role under GDPR?
We act as both a data processor and a data controller under the GDPR.
Instant Dedicated as a data processor: When customers use our products and/or services to process EU personal data, we act as a data processor. For example, we will be a processor of EU personal data and information that gets uploaded onto a dedicated server. This means we will, in addition to complying with our customers’ instructions, need to comply with the new legal obligations that apply directly to processors under the GDPR.
Instant Dedicated as a data controller: We act as a data controller for the EU customer information we collect to provide our products and services and to provide timely customer support. This customer information includes things such as customer name and other contact information.
What personal data do we collect and store from our customers?
We store data that customers have given us voluntarily. For example, in our role as data controller, we may collect and store contact information, such as name, email address, phone number, or physical address, when customers sign up for our products and/or services or seek support. We also may collect other identifying information from our customers, such as IP address, PayPal ID or any other form of payment method.
We separately act as a data processor when customers use our products and/or services to process EU personal data, such as uploading personal data onto a dedicated server. Customers decide what personal data, if any, is uploaded to our products and/or services.
What is the Instant Dedicated Data Processing Agreement (“DPA”)?
Customers that handle EU personal data are required to comply with the privacy and security requirements under the GDPR. As part of this, they must ensure that the vendors they use to process the EU personal data also have privacy and security protections in place. Our DPA outlines the privacy and security protections we have in place. We are committed to GDPR compliance and to helping our customers comply with the GDPR when they use our services. We have therefore made our DPA available to all our customers and it can be found here: Data Processing Agreement.
Are customers required to sign the Instant Dedicated DPA?
In order to use our products and services, you need to accept our DPA, to which we will provide a link on our website: Data Processing Agreement. By agreeing to our terms of service, you are automatically accepting our DPA and do not need to sign a separate document.
Can a customer share the Instant Dedicated DPA with its customers?
Yes. The DPA is a publicly available document and customers who wish to share it with their customers to confirm our security measures and other terms may feel free to do so.
Do customers need to notify anyone upon accepting our DPA?
No. You are not required to notify us or any third party upon accepting our DPA, though, as mentioned above, you are free to do so.
Are there unique DPA needs for individual countries?
The GDPR applies to all of the EU and we offer a DPA that is compliant in all EU countries.
How do we handle delete instructions from customers?
Customers have the ability to remove or delete information they have uploaded to our products. Likewise, customers may deactivate their account and request that all personal data we have collected and stored is deleted. To request this from our support department, log in to your account at billing.instantdedicated.com.