Station-Lab & the General Data Protection Regulation (GDPR)
Compliance with the GDPR is a top priority for Station-Lab and our customers. The GDPR aims to strengthen personal data protection in Europe, and impacts the way we all do business. We’re sure you have many questions, and we’re here to help. Station-Lab takes a customer-centric approach on protection, control, and compliance, and we want to be a key facilitator on your GDPR journey.
What is the GDPR?
The GDPR, which went into effect on May 25, 2018, replaced the 1995 EU Data Protection Directive.
The GDPR lays out specific requirements for businesses and organizations which are established in Europe or which serve users in Europe:
- It regulates how businesses can collect, use, and store personal data
- It builds upon current documentation and reporting requirements to increase accountability
- It authorizes fines on businesses which fail to meet its requirements
What we do
At Station-Lab, we champion initiatives that prioritize and improve the security and privacy of user data. We’ve made multiple updates to ensure that Station-Lab customers can confidently use our services now that the GDPR is in effect. Partner with Station-Lab and we will support your efforts by:
- Committing in our contracts to comply with the GDPR in relation to our processing of customer personal data in all Station-Lab Platforms and Suite of services
- Offering additional security features that may help you to better protect the personal data that is most sensitive
- Giving you the documentation and resources to assist you in your privacy assessment of our services
- Continuing to evolve our capabilities as the regulatory landscape changes
Station-Lab Commitments to the GDPR
Among other things, data controllers are required to only use data processors that provide sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR.
Data Protection Expertise
Station-Lab employs security and privacy professionals that include some of the world’s foremost experts in information, application, and network security. This expert team is tasked with maintaining the company’s defence systems, developing security review processes, building stronger security infrastructure, and precisely implementing Station-Lab security policies.
Station-Lab also employs lawyers, regulatory compliance experts, and public policy specialists who look after privacy and security compliance for Station-Lab.
These teams work with customers, industry stakeholders, and supervisory authorities to ensure our Services can help customers meet their compliance needs.
What you can do
What are your responsibilities as a customer?
Our customers will typically act as the data controller for any personal content they provide to Station-Lab via their use of Station-Lab services. The data controller determines the purposes and means of processing personal data. Then there’s the data processor. That’s typically us. As a data processor, Station-Lab processes personal data on behalf of the data controller when the controller is using our Platform.
What is a data controller?
Data controllers are responsible for implementing appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Controllers’ obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation, and accuracy, as well as fulfilling data subjects’ rights in regards to their data.
You can find guidance related to your responsibilities under the GDPR, by regularly checking your national or lead data protection authority websites and publications by privacy associations such as the International Association of Privacy Professionals (IAPP). We will also ensure that this GDPR page is updated with the latest news and updates.
This site is intended to help our customers better understand Station-Lab’s GDPR stance. We recommend that you consult with a legal expert to obtain guidance on the specific requirements applicable to your organization, as this site does not constitute legal advice.
Where should you start?
As a customer of Station-Lab, GDPR should be part of your data protection compliance strategy. Consider these tips:
- Familiarize yourself with the provisions of the GDPR
- Create an updated inventory of personal data that you handle. Identify and classify your gaps.
- Review your current controls, policies, and processes for managing and protecting data with the GDPR’s requirements. Find the gaps and create a plan to address them.
- Consider how you can leverage the existing data protection features on Station-Lab as part of your own regulatory compliance framework.
What is the GDPR?
Does the GDPR require storage of personal data in the EU?
No. Like the 95/46/EC Directive on Data Protection, the GDPR sets forth certain conditions for the transfer of personal data outside of the EU. Such conditions can be met via mechanisms such as model contract clauses.
Does the GDPR give customers the right to audit Station-Lab?
Under the GDPR, audit rights must be granted to data controllers in their contracts with data processors. Our updated data processing agreements include audit rights for the benefit of our customers.
What role do third-party ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and SOC 2/3 reports play in compliance with the GDPR?
Our third-party ISO certifications and SOC 2/3 audit reports can be used by customers to help conduct their risk assessments and help them determine whether appropriate technical and organisational measures are in place.