Adpoint: Our commitment to the General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in the last twenty years. It replaces the 1995 EU Data Protection Directive, strengthening the rights that EU individuals have over their data, seeking to unify data protection laws across Europe.
Our customers can count on the fact that Lineup is already ready to support their GDPR compliance requirements across our managed Adpoint services when the GDPR takes effect on May 25, 2018. Customers can leverage Lineup services with confidence understanding the robust data protection capabilities built-in to Adpoint.
Where do we stand?
At Lineup, we have always worked diligently to help our customers directly address EU data protection requirements. These efforts have been critical in our ongoing preparations for the GDPR:
- Data processing terms: Strong data protection commitments between cloud providers and customers are fundamental to compliance. Our data processing terms for Adpoint clearly articulate our privacy commitments to customers. We have evolved our terms over the years based on feedback from our customers and regulators our new GDPR ready Adpoint Data Processing Terms are available in our Compliance Portal.
- Third-party audits and certifications: We offer a number of third-party audits and certifications for Adpoint. In 2016, we introduced a new third-party audit SOC1 Type II (ISAE 3402 / SSAE 18 Type II) to cover numerous services within Adpoint cloud. Our most recent certificate can be accessed from the Compliance Portal.
- International data transfers: The GDPR, like the Data Protection Directive it will replace, includes provisions on international data transfer mechanisms. We will be using model contract clauses that have been confirmed to be compliant by European Data Protection Authorities, affirming that Lineup contractual commitments fully meet the requirements to legally frame transfers of data from the EU to the rest of the world, in accordance with the Data Protection Directive.
- Data export: The GDPR includes certain requirements for the export of personal data. The data you store in Adpoint is yours. We strive to include data portability capabilities and are continually working to enhance the robustness of our data export capabilities.
- Incident notifications: GDPR contains requirements around breach notifications. Lineup has always provided a framework around incident notification. We will continue to invest in our security, incident response, threat detection and prevention capabilities.
GDPR Readiness: 5 Things You Can Do Today
Now is a great time for you to begin preparing for the GDPR. Five things you can do today to prepare for GDPR:
- Familiarize yourself with the provisions of the new regulation, particularly how they may differ from your current data protection obligations.
- Consider creating an updated and precise inventory of personal information that you process.
- Review your current controls and processes to ensure that they’re adequate, and build a plan to address any gaps.
- Consider how you can leverage Adpoint compliance capabilities as part of your own regulatory compliance framework. Conduct a review of Adpoint third-party audit materials to see how they may help with this exercise.
- Stay abreast of updated regulatory guidance as it becomes available and consider consulting a legal expert to obtain guidance applicable to you.
In order for customer to comply with GDPR they must enter into a contract with all processors that act on their data. In support of this requirement Lineup has published a new Adpoint Data Processing Terms that acts as an addendum to the Master Service Agreement and replace any previously applicable terms relating to their subject. This document can be downloaded from the Lineup Compliance Portal along with supporting documentation.
All customers that engage Lineup as a processor should download this agreement and return it once executed to firstname.lastname@example.org.