NodeChef GDPR compliance readiness

Everyone is talking about GDPR. Preparing for GDPR is a priority for many of our customers. It is a priority for NodeChef as well!

GDPR stands for “General Data Protection Regulation.” It is a data protection law adopted by the European Union (EU) to strengthen the fundamental right of individuals in the EU to privacy and the protection of personal data. Any company that serves European customers (regardless of where in the world they are) and collects or processes their data will have to be in compliance with GDPR. Any company that is not compliant faces fines and penalties.

The GDPR regulates the handling of personal data, which includes the collection, use, disclosure, storage, manipulation, and erasure of personal data. Personal data is any information relating to an identified or identifiable individual, including but not limited to: names, email addresses, photos, bank details, location data, IP addresses, and cookie identifiers.

The GDPR was adopted on April 27, 2016 and becomes effective May 25, 2018.

GDPR divides companies dealing with personal data into “data controllers” and “data processors.” A data controller determines the purpose of the personal data and tells the data processor what to do with the data.

It is important to note that NodeChef is generally considered a data processor, and if you are a NodeChef customer, you will be considered a data controller. As a hosting service, NodeChef processes, on behalf of our customers, personal data contained in any files, applications or content uploaded to our platform by NodeChef customers or their end users. Our customers determine what personal data is hosted by NodeChef.

Data controllers must comply with the GDPR’s principles, including transparency and lawfulness of the processing. Data processors must act pursuant to the controller’s instructions, secure the data, and help data controllers comply with the GDPR.

Below are some General Data Protection Regulation questions that we have gotten.

Will NodeChef be compliant with GDPR by May 25?

NodeChef is committed to the core principles of the GDPR. We have taken many technology measures, including encryption, to securely back up and restore data, and to ensure data integrity. We are aligning our business processes and policies to help us meet our obligations. Our team is required to take GDPR training to ensure that all employees are up to date with these regulations.

Can you wipe data upon request?

Yes, as a data processor, if you, as a data controller, request that we delete data, we can do that for you.

Are the servers part of any safe harbor agreement? Any data stored that is of EU origin if stored outside the EU needs to be regulated and part of GDPR or safe harbor.

NodeChef has not entered into any safe harbor agreement. All our servers, whether in the EU region or outside, are regulated by GDPR, as we are working with our IaaS on compliance with GDPR.

Is the data encrypted in the DB? This would not until now be normal practice. Is this happening now?

We give our customers the option to enable SSL on the DB to encrypt data in transit.

We’re here for you. If you have any questions, please do not hesitate to contact us or raise a ticket from the dashboard.