General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a new European data protection regulation adopted by the EU Commission. It replaces the EU Data Protection Directive, also known as Directive 95/46/EC. The GDPR becomes effective on May 25, 2018 and will strengthen the security of, and regulate, personal data in the broadest sense. The GDPR applies to both individuals and businesses and regulates the way in which personal data of citizens in the European Union should be handled.
We would like to provide you with answers to some of the questions that we hear time and time again from our customers. We also want to provide an update on what Rackspace has done to ensure that we will be ready for GDPR and what services we offer to our customers to help them meet their compliance obligations.
FAQs about the upcoming General Data Protection Regulation (GDPR)
When it comes to customer data, is Rackspace a controller or a processor?
Under the GDPR, a “controller” determines why and how personal data is processed. A “processor” processes personal data on behalf of the controller. Rackspace has limited knowledge of the data that each customer processes via the hosting infrastructure (“Customer Data”). Also, Rackspace only processes Customer Data in accordance with the customer’s instructions. Therefore, Rackspace is a processor of Customer Data hosted at Rackspace; the customer is a controller.
Will GDPR change the way Rackspace treats customer data?
Rackspace continues to treat customer data with the required level of sensitivity and confidentiality. Learn more about our security practices.
Rackspace will continue to invest in the security of its customer solutions to ensure it remains compliant with applicable legislation.
With the new GDPR, can an EU customer continue to host personal data outside of the EU/EEA?
Provided certain legal mechanisms are in place, EU customers can host personal data outside of the EU. Personal data may be transferred outside of the EU and the EEA when an adequate level of protection for that data is guaranteed.
To help achieve this level of protection, Rackspace is Privacy Shield certified.
Please reach out to your account manager if you need a Rackspace Data Processing Addendum that includes EU Standard Contractual Clauses.
Won’t I be in breach of the data protection laws if Rackspace transfers my personal data outside the EU/EEA?
The current laws allow Rackspace to process personal data and therefore support your services from outside the EEA if you have given us your consent, or if data is transferred to a non-EU jurisdiction deemed by the European Commission to offer an adequate level of protection for personal data, or if the transfer is subject to model contracts.
Can you keep my data in the EU only?
Rackspace is able to offer Fanatical Support by operating a 24/7 "follow the sun" support model that leverages our support engineers in countries where we operate. This means that although we will not move your personal data into another jurisdiction without your consent, sometimes we will need to provide you with support from outside the EU. We comply at all times with applicable laws.
Transfers of personal data originating from other locations globally to Rackspace affiliates are subject to the terms of the Intra-Company Data Processing Agreement which requires all transfers of personal data to be made in compliance with applicable Rackspace security and data privacy policies and standards.
Will the Data Protection laws/GDPR apply when Britain leaves the EU?
The U.K. legislation on data protection (Data Protection Act 1998) is derived from the EU Directive on data protection. The new General Data Protection Act, which is effective from May 2018, will replace the U.K. legislation, and the U.K. Information Commissioner has confirmed that the U.K. will comply with the GDPR to enable it to do business in Europe.
What’s the relationship between the Frankfurt data center and the U.K. data center?
FRA1 and FRA 30 provide customers with another option for an EU footprint. By establishing a presence in Germany, we are able to expand our support to help meet the future needs of our EU customers.
What services does Rackspace offer to help me comply with GDPR?
First, review the GDPR to determine whether it applies to your organization. If GDPR applies, make sure that you implement appropriate technical and organizational measures to ensure and demonstrate that any data processing is performed in compliance with GDPR.
Please feel free to reach out to a representative at Rackspace so that we can help tailor a solution to fit your business needs. While we cannot ensure that your company is GDPR-compliant, we do offer many products and services that can help you meet some of the GDPR requirements. You should always work with a legally qualified professional to discuss GDPR, how it applies specifically to your organization and how best to ensure compliance.
Information about security products that we offer: https://www.rackspace.com/en-us/security
Fanatical Support for AWS customers can access Amazon’s EU Data Protection information here: https://aws.amazon.com/compliance/eu-data-protection/
GCP customers can find answers about the Google Cloud here: https://www.google.com/cloud/security/gdpr/
Fanatical Support for Azure customers can find additional information here: https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx