General Data Protection Regulation (GDPR)

On May 25, 2018, a new European data protection regulation approved by the EU Commission will become effective. The General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to regulate the way organisations across the region manage data privacy. This will strengthen security.

In light of this, we want to give you an update on what MGT-Commerce has done to ensure that we will be ready for GDPR and what services we offer to our customers to help them meet their compliance obligations.

In addition, we would like to provide you with answers to some of the queries that we often receive from our customers. If you do not find the information you are looking for on this page, feel free to drop us a line.

Will GDPR change the way MGT-COMMERCE GmbH treats customer data?

MGT-COMMERCE GmbH continues to treat customer data with the required level of sensitivity and confidentiality. MGT-COMMERCE GmbH will continue investing in the security of its customer solutions to ensure it stays compliant with applicable legislation.

Won’t I be in breach of the data protection laws if MGT-COMMERCE GmbH transfers my personal data outside the EU/EEA?

The current laws allow MGT-COMMERCE GmbH to process personal data and therefore support your services from outside the EEA if you have given us your authorisation, or if data is transferred to a non-EU jurisdiction deemed by the European Commission to offer an adequate level of protection for personal data, or if the transfer is subject to model contracts.

When it comes to customer data, is MGT-COMMERCE GmbH a controller or a processor?

Under the GDPR, a “controller” determines why and how personal data is processed. A “processor” processes personal data on behalf of the controller. MGT-COMMERCE GmbH has limited knowledge of the data that each customer processes via the hosting infrastructure (“Customer Data”). Also, MGT-Commerce only processes Customer Data in accordance with the customer’s instructions. Therefore, MGT-Commerce is a processor of Customer Data hosted at MGT-Commerce; the customer is a controller.

With the new GDPR, can an EU customer continue to host personal data outside of the EU/EEA?

EU customers can host personal data outside of the EU provided certain legal mechanisms are in place. When an adequate level of protection for that data is ensured, personal data may be transferred outside of the EU and the EEA.

Will the Data Protection laws/GDPR apply when Britain leaves the EU?

The U.K. legislation on data protection (Data Protection Act 1998) is derived from the EU Directive on data protection. The U.K. Information Commissioner has confirmed that it will comply with the GDPR as the new General Data Protection Act, which is effective from May 2018, will replace the U.K. legislation. This will be done in order to enable the U.K. to do business in Europe.

What services does MGT-COMMERCE GmbH offer to help me comply with GDPR?

First of all, review the GDPR to decide whether it applies to your organization. If GDPR applies, make sure that you implement appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with GDPR.

While we cannot guarantee that your company is GDPR-compliant, we do offer many products and services that can help you meet some of the GDPR requirements. We advise you to always work with a legally qualified professional to discuss GDPR, to understand how it applies specifically to your company and to find the best manner to ensure compliance.

Please feel free to contact a representative at MGT-COMMERCE GmbH so that we can help design a solution to fit your business needs.