GDPR compliance with Preservica
Preservica products and operations help ensure you meet your GDPR obligations.
Processing personal data after Brexit
From 11pm on December 31st 2020, Preservica extended our existing conformance to EU-GDPR requirements to include UK-GDPR, ensuring Preservica continues to meet our data protection obligations.
The EU-UK Trade and Cooperation Agreement contains a bridging mechanism that allows the continued free flow of personal data from the EU/EEA to the UK after the transition period until adequacy decisions come into effect, for up to 6 months. More details are available here.
If the UK and EU both approve reciprocal 'adequacy' decisions, data transfers can continue between UK and EEA countries without any additional action. The UK has confirmed the EU currently has an 'adequate' data protection regime, so UK to EEA transfers may continue. The EU is currently conducting a data adequacy assessment of the UK.
If an EU adequacy decision for the UK is not granted, Preservica and our processing partners will provide details of any additional, appropriate safeguards required - where not already covered by our Data Processing and Data Sharing Agreements. Customers using our AWS and Microsoft hosted services can find additional details here and here.
Preservica is closely monitoring the situation and will provide further updates as more details are agreed.
Preservica meets its obligations as a ‘processor’ for customers that are ‘controllers’ of personal data
Preservica cloud products and operations meet the processor requirements of the General Data Protection Regulation (GDPR), helping our customers protect the rights of their data subjects.
It’s important to note that although the GDPR is an EU regulation, it may still apply to any organization which is a controller of personal data for an EU data subject, even if that organization is outside of the EU.
Preservica helps to ensure you meet your GDPR obligations and preserve your valuable digital information for the long-term.
How Preservica helps you meet your long-term GDPR obligations
Article 15 - Right to access & provision of copies: Secure search, download & authenticated public access
Article 16 - Right to rectification: Updated metadata or secure delete & ingest workflows
Article 17 - Right to erasure [to be forgotten]: Secure delete or automated data management policies
Articles 18 & 21 - Right to object or restrict: Updated classification metadata or restricted security access
Article 20 - Right to data portability: Download or export DIPs
Article 30 - Maintain records of processing: Full history audits, personal data reports & secure processes
Article 32 - Security of processing: Two Factor Authentication, encryption for data & ISMS 27001 processes
Article 32 - Accidental or unlawful destruction & disclosure: Secure access controls with multi-step delete approvals
The GDPR (Article 28) states controllers "shall use only processors providing sufficient guarantees to (...) meet the requirements of this Regulation", so your choice of vendor(s) is critical to meeting your own obligations.
How Preservica can help you
The GDPR is more than just a challenging new regulation; it also provides an opportunity for long-term improvement.
Employing best practices in information governance can realize greater value for your organization, through a stronger focus on your information and the trust of the individual. Preservica is a critical component in effective information governance and we will help you protect the rights of anyone whose ‘personal data’ you hold in Preservica cloud hosted services.
Guaranteeing regulation requirements
Preservica guarantees any personal data identified by our customers shall be processed lawfully, fairly and in a transparent manner.
In addition to ISO 9001 and ISO 27001 certifications, we have updated our technical and organizational measures to meet all regulation requirements, including security and privacy. When requested or required we will provide assistance or notifications.
Our contracts reflect requirements to bind controller and processor, recording all required details relating to the processing of any personal data.
Protection & compliance in the cloud
Preservica cloud solutions are hosted by AWS or Microsoft Azure, according to customer requirements. Both AWS and Azure are committed to fulfilling their GDPR obligations.
Both AWS and Azure are also fully compliant with ISO 27017 and ISO 27018 security certifications.
This, combined with Preservica’s highly secure information governance and preservation capabilities, provides a solution committed to helping customers with their long-term GDPR compliance.
Want to know more?
Contact us to discuss how Preservica can help you deliver effective long-term information governance combined with digital preservation and your GDPR obligations.
GDPR: Taking the long term view of your privacy obligations
Preservica discusses why organisations should take a longer-term view of privacy obligations, at Simmons & Simmons Datatech.
Mind the gap: the responsibility to remember in the GDPR era
In this presentation from IRMS18, Gareth Aitken discusses the journey towards GDPR, including considerations for holding & managing long-term data.
How does GDPR impact digital preservation solutions in the Cloud?
GDPR can be an opportunity for long-term improvements in your records management, digital preservation and cloud operations.