The General Data Protection Regulation (GDPR)

Gain knowledge and make good decisions to support GDPR-compliance in your data center.

What is the GDPR?

The European Union’s General Data Protection Regulation (GDPR) goes into effect on May 25, 2018, replacing the European Data Protection Directive of 1995, and is designed to harmonize data privacy laws across EU member states, protecting EU citizens’ personal data. The GDPR will:

  • Aim to give control to EU member nation residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

  • Apply to any company processing personal data of individuals residing in the EU, regardless of the company’s location.

  • Require controllers and processors of personal data for EU member nation residents to make sure that this personal data is not only secure, but also kept only for as long as required for its initial purpose.

Data Controllers

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data.

Service providers usually fit in this category.

Data Processors

The natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Service providers sometimes fit in this category.

EU Residents

Individuals living in the EU whose personal data is stored or processed by any business that collects it, or handles it in any way, in accordance with GDPR requirements.

Service providers must manage data accordingly.

What Should Service Providers Do?

Service providers should do their research to understand whether they need to spend a lot of money on new infrastructure, or whether they can get substantially more out of the infrastructure they already have in place to address their unique GDPR compliance challenges. Here are some helpful resources that can help inform those decisions:

We’re all going to have to change how we think about data protection … However fast regulation moves, technology moves faster. Especially as far as data is concerned.

– Elizabeth Denham, UK Information Commissioner

What Are the Penalties for Non-Compliance?

Fines for non-compliance after the GDPR goes into effect on May 25th will be as high as €20 million (approx. $24 million USD) or 4% of a company’s global revenue, whichever is greater, depending on the severity of the infringement. Examples of infringements include not having sufficient customer consent to process data, or transferring personal data to a recipient in a third country or an international organization.

What is Virtuozzo Doing about GDPR?

We have ensured that our privacy policy is current and in compliance with the GDPR. You can view it here. For more information about Virtuozzo’s legal policies, click here.

Virtuozzo products are neither controllers nor processors of personal data. Either of these responsibilities, depending on how the data is managed, belongs to service providers. To learn more, please contact us at privacy@virtuozzo.com.