Webbula GDPR

Webbula is Committed to GDPR

Webbula is committed to providing secure services by implementing and adhering to prescribed compliance policies, both as a data controller and processor. The upcoming GDPR enforcement is critical to our mission of providing all our global customers with safe and dependable data quality. For more information or questions about the Webbula’s Privacy Policy, please contact privacy@webbula.com

What is Truth in Data?

Since day one Webbula has been committed to the highest possible standards when it comes to data security, safety, and responsibility. Our passion and our mission have always been, and will remain, Truth in Data – a statement that incapsulates everything we do on behalf of our customers and their data.

Our adherence to the General Data Protection Regulation (GDPR) changes are just another opportunity for Webbula to demonstrate our commitment to protecting our customer’s data security and privacy, and empower consent in how that data is collected, recorded, and used.

GDPR Global

What is the General Data Protection Regulation (GDPR)?

The GDPR is the European Union’s new, comprehensive privacy and data protection law that will take effect on May 25, 2018. The primary aim of the GDPR is to regulate how the personal data of EU residents is processed – even by businesses that have no physical or legal presence in the EU. Organizations can face hefty fines for non-compliance: up to €20 million or 4 percent of annual global revenue, whichever is higher.

Is there a GDPR certification? Is Webbula GDPR certified?

There is not yet any kind of recognized GDPR certification scheme. Webbula is taking the necessary steps to ensure that it is in compliance with the GDPR.

Webbula will offer customers and partners a new GDPR Data Processing Addendum (“DPA”). Signing the DPA amends our standard terms of service and Master Services Agreement (“MSA”) to reflect obligations required under the GDPR. This is the instrument that you can rely on to have certainty that Webbula will comply with the GDPR.

How can Webbula guarantee I will be able to use Webbula after the GDPR comes into effect?

When appropriate, Webbula will offer a new GDPR Data Processing Addendum, which can supplement our prior MSA.

The new DPA will govern the terms by which Webbula, as a data processor, processes data on behalf of its customers (who are typically data controllers) in accordance with Article 28 of the GDPR. According to Article 28 of the GDPR, data processors must act only upon the documented instructions of the data controller unless otherwise required by law. This, however, does not relieve Webbula of any of its obligations or liabilities under the GDPR. Webbula will be required to ensure that it is in compliance with the GDPR.

Who is Webbula’s Data Protection Officer (DPO)?

Webbula is conducting a review as to whether the appointment of a DPO is necessary under GDPR article 37.

Webbula Privacy Center

Visit our Privacy Center

Webbula is committed to the responsible use of the information we obtain through our online offline data resources.  Webbula strives to protect the data we maintain and process through the implementation of industry standard security measures, technology controls and operational processes. The Privacy Center is an extension of Webbula’s continued commitment of being at the forefront responsible data practices.

Who is Webbula’s representative in the European Union pursuant to Article 27 of the GDPR?

Webbula’s Article 27 Representatives are:

Matthew Joseph, CIPP/US
Zahradníčkova 1220/20A
Prague 150 00
Czech Republic
Email: matt@verasafe.com
Phone: +1-617-398-7067
Contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative

VeraSafe Ireland LTD
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork 123AT2P
Ireland
Email: experts@verasafe.com
Phone: +1-617-398-7067
Contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative

In accordance with Article 27 of the GDPR, supervisory authorities and persons whose personal data are being processed by Webbula may contact VeraSafe (Webbula’s Article 27 Representative) on all issues related to processing, for the purposes of ensuring compliance with the GDPR.

What is Webbula doing to ensure that it is compliant with the GDPR?

Webbula is currently re-papering vendor contracts and working with vendors to ensure they are compliant. Webbula is continuing to review its security measures, as we always do, to stay at the forefront of evolving industry standards and best practices. We have appointed a representative in the EU and an expert Data Protection Officer and are in the process of delivering a new Data Processing Addendum, all of which will ensure we’re satisfying the subcontracting obligations of a data processor under the law.

 

So Webbula will be compliant with the GDPR. Does that mean that I’m automatically compliant too? If not, where can I learn more about my own obligations?

Each organization that processes personal data, and that’s regulated by the GDPR, will face its own obligations to comply with the GDPR. While using a GDPR-compliant service like the ones Webbula offers can make it easier to comply, much of how you collect, use, and dispose of personal data is not determined by Webbula. Thus, each organization should get its own professional guidance on the topic to help ensure compliance. Here are some resources from the UK Information Commissioner’s Office:

https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/getting-ready-for-the-gdpr/

Am I a data controller? Is Webbula a data processor?

Typically, a Webbula customer will be considered as a data controller (i.e., an organization that determines the purposes and means of the processing of personal data) and Webbula will be considered both a data controller and data processor under the law. Controllers and processors each have their own respective obligations under the law. Therefore, Webbula’s GDPR compliance plan looks a bit different from that of many of our customers. This doesn’t mean Webbula can’t be used by data controllers – quite the opposite. When a data controller engages a service provider like Webbula, the service provider is typically a data processor acting on behalf of the controller, and the processor acts at the behest of the controller. As stated above, Webbula’s DPA will govern the relationship, and the nature of the processing activities, as between Webbula and its customers, regardless of which entity plays which role.

We Stand Ready to Help

If you have any questions, comments, or concerns please feel free to contact us directly at privacy@webbula.com

We will continue to revise this page as updates become available, so be sure to check back often.