Let Us Assist In Your GDPR Compliance
You don't have to be an existing client - we can assist in your business performance upgrade to GDPR Compliance. However, we strongly recommend you read the information below to achieve a better understanding of what's required.
In short, no matter what type of business you run, even a single-person business, GDPR affects you.
intelHUB Private Cloud & the General Data Protection Regulation
On 25 May 2018, the most significant piece of European data protection legislation to be introduced in 20 years will come into force. The EU General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.
You can count on the fact that intelHUB Private Cloud is committed to GDPR compliance across our Cloud services. We are also committed to helping our customers with their GDPR compliance journey by providing robust privacy and security protections built into our services and contracts over the years.
intelHUB Private Cloud Platform Commitments to the GDPR
Among other things, data controllers are required to only use data processors that provide sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR. Here are some aspects you may want to consider when conducting your assessment of intelHUB Private Cloud Platform services.
Data Protection Expertise
intelHUB Private Cloud security and privacy professionals include some of the world’s foremost experts in information, application, and network security. This team is tasked with maintaining the company’s defence systems, developing security review processes, building security infrastructure, and implementing intelHUB's security policies.
intelHUB Private Cloud also uses an extensive team of lawyers, regulatory compliance experts, and public policy specialists who look after privacy and security compliance for intelHUB.
These teams engage with customers and supervisory authorities to shape our Cloud Platform services in a manner that helps customers meet their compliance needs.
Data Processing Agreements
Our data processing agreements for Cloud Platform clearly articulate our privacy commitments to customers. We have evolved these terms over the years based on feedback from our customers.
More recently, we have specifically updated these terms to reflect the GDPR, and have made these updates available well in advance of the entry into force of the GDPR to facilitate our customers’ compliance assessment and GDPR readiness when using intelHUB Private Cloud services.
Our existing customers are now entered into these updated data processing terms, which you may view here. The updated terms will take effect from 25 May 2018, when the GDPR comes into force.
New customers accepting the terms and conditions when ordering from us are also accepting the updated terms which take effect from 25 May 2018, when the GDPR comes into force.
Processing According to Instructions
Any data that a customer and its users put into our systems will only be processed in accordance with the customer’s instructions, as described in our current as well as our GDPR-updated data processing agreements.
Personnel Confidentiality Commitments
All intelHUB Private Cloud employees are required to sign a confidentiality agreement and complete mandatory confidentiality and privacy trainings, as well as our Code of Conduct training. intelHUB Private Cloud's Code of Conduct specifically addresses responsibilities and expected behaviour with respect to the protection of information.
Use of Subprocessors
intelHUB Private Cloud directly conducts the majority of data processing activities required to provide the Cloud Platform services. However, we do engage some third-party vendors to assist in supporting these services. Each vendor goes through a rigorous selection process to ensure it has the required technical expertise and can deliver the appropriate level of security and privacy.
We make information available about intelHUB Private Cloud subprocessors supporting Cloud Platform services, as well as third-party subprocessors involved in those services, and we include commitments relating to subprocessors in our current and updated data processing agreements.
According to the GDPR, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
intelHUB Private Cloud operates a global infrastructure designed to provide state-of-the-art security through the entire information processing lifecycle. This infrastructure is built to provide secure deployment of services, secure storage of data with end-user privacy safeguards, secure communications between services, secure and private communication with customers over the Internet, and safe operation by administrators. The intelHUB Private Cloud Platforms run on this infrastructure.
Security of the infrastructure is designed in layers that build upon one another, from the physical security of data centres, to the security protections of the hardware and software, to the processes we use to support operational security. This layered protection creates a strong security foundation for everything we do.
Availability, Integrity & Resilience
The components of the platform are designed to be highly redundant. The data centres are geographically distributed to minimise the effects of regional disruptions, such as natural disasters and local outages, on global products. In the event of hardware, software, or network failure, services are automatically and instantly shifted from one facility to another so that operations can continue without interruption. The highly redundant infrastructure helps customers protect themselves from data loss.
intelHUB Private Cloud conducts disaster recovery testing on an annual basis to provide a coordinated venue for infrastructure and application teams to test communication plans, fail-over scenarios, operational transition, and other emergency responses. All teams that participate in the disaster recovery exercise develop testing plans and post mortems which document the results and lessons learned from the tests.
intelHUB Private Cloud uses encryption to protect data in transit and at rest. Data in transit to the platform is protected using HTTPS, which is activated by default for all users. intelHUB Private Cloud Platform services encrypt customer content stored at rest, without any action required from customers, using one or more encryption mechanisms.
For intelHUB Private Cloud employees, access rights and levels are based on job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. Requests for additional access follow a formal process that involves a request and an approval from a data or system owner, manager, or other executives, as dictated by intelHUB Private Cloud security policies.
We scan for software vulnerabilities using a combination of commercially available and purpose-built in-house tools, intensive automated and manual penetration testing, quality assurance processes, software security reviews, and external audits. We also rely on the broader security research community and greatly value their help identifying vulnerabilities in the Cloud Platform, and other intelHUB products. Our Vulnerability Reward Program encourages researchers to report design and implementation issues that may put customer data at risk.
Administrators can export customer data, via the functionality of the Cloud Platform services, at any time during the term of the agreement. We have included data export commitments in our data processing terms for several years, and we will continue offering those after the GDPR comes into force, and working to enhance the robustness of the data export capabilities of the Cloud Platform services.
You can also delete customer data, via the functionality of the footer link at any time. When intelHUB receives a complete deletion instruction from you (such as when an email you have deleted can no longer be recovered from your “trash”), intelHUB will delete the relevant customer data from all of its systems within a maximum period of 180 days unless retention obligations apply.
Data Subject's Rights
Data controllers can use the Cloud Platform administrative consoles and services functionality to help access, rectify, restrict the processing of, or delete any data that they and their users put into our systems. This functionality will help them fulfil their obligations to respond to requests from data subjects to exercise their rights under the GDPR.
Data Protection Team
Our Cloud Platform customers have a dedicated team where data protection related enquiries can be directed using the support ticket system.
Incident Notifications
The intelHUB Private Cloud Platform has provided contractual commitments around incident notification for many years. We will continue to promptly inform you of incidents involving your customer data in line with the data incident terms in our current agreements and the updated terms that will apply starting on 25 May 2018, when the GDPR comes into force.
The GDPR provides for several mechanisms to facilitate transfers of personal data outside of the EU. These mechanisms are aimed at confirming an adequate level of protection or ensuring the implementation of appropriate safeguards when personal data is transferred to a third country.
Appropriate safeguards can be provided for by model contract clauses. An adequate level of protection can be confirmed by adequacy decisions such as the ones that support the EU-U.S. Privacy Shield.
We contractually commit under our current data processing agreements to maintain a mechanism that facilitates transfers of personal data outside of the EU as required by the Data Protection Directive, and will offer a corresponding commitment starting on 25 May 2018, when the GDPR comes into force.
What You Can Do
What are your responsibilities as a customer?
intelHUB Private Cloud Platform [1] customers will typically act as the data controller for any personal data they provide to intelHUB in connection with their use of intelHUB’s services. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller. intelHUB Private Cloud is a data processor and processes personal data on behalf of the data controller when the controller is using intelHUB Private Cloud Platform.
Data controllers are responsible for implementing appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Controllers’ obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation, and accuracy, as well as fulfilling data subjects’ rights with respect to their data.
If you are a data controller, you may find guidance related to your responsibilities under GDPR by regularly checking the website of your national or lead data protection authority under the GDPR (as applicable) [2], as well as by reviewing publications by data privacy associations such as the International Association of Privacy Professionals (IAPP).
You should also seek independent legal advice relating to your status and obligations under the GDPR, as only a lawyer can provide you with legal advice specifically tailored to your situation. Please bear in mind that nothing on this website is intended to provide you with, or should be used as a substitute for legal advice.
Where should you start?
As a customer of intelHUB Private Cloud, now is a great time for you to begin preparing for the GDPR. Consider these tips:
Familiarise yourself with the provisions of the GDPR, particularly how they may differ from your current data protection obligations.
Consider creating an updated inventory of personal data that you handle. You can use some of our tools to help identify and classify data.
Review your current controls, policies, and processes to assess whether they meet the requirements of the GDPR, and build a plan to address any gaps.
Consider how you can leverage the existing data protection features on intelHUB Private Cloud as part of your own regulatory compliance framework. Conduct a review with us to assess any materials to see how they may help with this exercise.
Review and accept our updated data processing terms via the opt in process for our Private Cloud Data Processing and Security Terms. The updated terms will apply starting on 25 May 2018 when the GDPR comes into force.
Monitor updated regulatory guidance as it becomes available, and consult a lawyer to obtain legal advice specifically applicable to your business circumstances.
1 intelHUB Private Cloud Platform includes services for Business and Education.
2 We recommend you seek independent legal advice to determine your appropriate national or lead data protection authority.
What is the GDPR?
When will the GDPR take effect?
The GDPR will be directly applicable in all European Union Member States starting from 25 May 2018.
Does GDPR affect me?
If the GDPR applies to intelHUB’s processing of your data — for example, if you are established in the European Union, or established outside the European Union but offer goods/services to data subjects who are in the European Union — it requires your contract with intelHUB to contain certain data processing terms. Unless you accept the DPA 1.0 (Data Processing Amendment), your contract will lack those terms. We therefore recommend that you accept the DPA 1.0 on behalf of your organisation or seek legal advice.
Does the GDPR require storage of personal data in the EU?
No. Like the 95/46/EC Directive on Data Protection, the GDPR sets forth certain conditions for the transfer of personal data outside the EU. Such conditions can be met via mechanisms such as model contract clauses.
What role do third-party ISO 27001, ISO 27017, ISO 27018, and SOC 2/3 reports play in compliance with the GDPR?
Third-party ISO certifications and SOC 2/3 audit reports can be used by customers to help conduct their risk assessments and help them determine whether appropriate technical and organisational measures are in place.
How do we handle our GDPR commitment to our Education customers?
As an intelHUB Private Cloud Education customer, you control all the data your business submits and stores in the Private Cloud services. We process your data only according to our agreement with your business. We do not use data you put into the Private Cloud suite for advertising.
We provide deletion commitments, as well as transparency on subprocessing by vendors (such as support services) and the locations of our data centres.
When we handle end user personal data for this product on the customer’s behalf, we will act as the customer’s processor under the GDPR.
How do we handle our GDPR commitment to our Business customers?
As an intelHUB Private Cloud Platform customer, you choose what data your business stores and what applications your business creates and runs on the service. We process your data only according to our agreement with your business. We do not use data you put into the intelHUB Cloud Platform for advertising.
We provide deletion commitments, as well as transparency on subprocessing by vendors (such as support services) and the locations of our Cloud network. To provide assurances, you may request the location of our data centres (https://www.intelhub.net/gb/content/25-datacenters) and where your data is located.
When we handle end user personal data for this product on the customer’s behalf, we will act as the customer’s processor under the GDPR.
We recommend you read up on the ICO (Information Commissioner's Office)
Data protection law is changing on 25 May 2018 and organisations need to be ready for the General Data Protection Regulation (GDPR). The ICO has produced a package of tools and resources to help you get ready.
One great PDF document is: 12 Steps To Take Now