What is the GDPR?
The General Data Protection Regulation (GDPR) is a European Union law that applies throughout the EU beginning 25 May, 2018. The EU Parliament focused this legislation on data protection for individuals in the EU and EU citizens. The GDPR is an update to the 1995 Data Protection Directive, and includes stricter requirements for handling personal data and data subject rights. The GDPR has become a major focus for businesses worldwide, as it applies to any global business that handles the data of EU citizens. GDPR will be applied in all EU citizens and residents.
See the GDPR Home Page.
How does GDPR affect ComplySci?
ComplySci processes customer Personal Data to provide our products and services and for other limited purposes enumerated in our Privacy & Cookies Policy. With prestigious customers both in the EU and the US with employees who are EU citizens, ComplySci handles significant amounts of EU citizens’ data. ComplySci is a Data Processor and processes and hosts Personal Data in order to meet our contractual obligations to our customers, the Data Controllers.
What is ComplySci doing?
Like many other companies, ComplySci is devoting significant resources and time toward GDPR compliance and will be ready for the May 25, 2018 deadline. ComplySci is also committed to helping our customers fulfill their requirements under GDPR and local law. We commit to:
When will ComplySci be ready for GDPR?
ComplySci is devoting significant resources and time toward GDPR compliance and will be ready for the May 25, 2018 deadline.
Where does ComplySci send my data?
Our goal is to provide our customers with secure, fast, and reliable services. As a provider of global services, we run our services with common operational practices and features across multiple jurisdictions.
In the US, ComplySci stores data in the Tierpoint data center, in Bethlahem, Pa. and in its AWS data center located in Ohio. In the EU, ComplySci currently stores data in the Equinix and Telehouse data centers in Slough and London, UK, respectively. By the time GDPR takes effect, ComplySci will be storing data in the AWS Ireland region. Data is stored in the jurisdiction requested by our customers. Data is stored in two replicated, geographically separated data centres within the jurisdiction.
ComplySci may allow employees located in the US or the UK access to data stored in another jurisdiction for customer and technical support purposes. We disclose in our Privacy & Cookies Policy that customer data may be transferred to or accessed from these countries but always subject to governance in compliance with GDPR requirements.
What is the ComplySci information security approach?
ComplySci takes the following approach to information security:
Is ComplySci Privacy Shield certified?
Yes. You can view our Privacy Shield certifications here.
Is ComplySci SOC certified?
Yes, we have recently completed SOC1 Type 2 certification for both ComplySci and PTCC.
Who are ComplySci’s Sub-Processors under the GDPR?
ComplySci works with certain 3rd parties in order to provide our services. Those relevant third parties are available here.
The GDPR Resources and Updates
We’ll continue to update this page with new / revised information, so please check back periodically. You can also email firstname.lastname@example.org with specific questions about our GDPR policy and any privacy concerns.