GDPR compliance and data processing agreement

22. May, 2018

On the 25th of May 2018, the General Data Protection Regulation (GDPR) from EU will enter into force.

In short, the regulation is about ensuring better protection of EU citizens' data. GDPR is therefore relevant to all companies and organizations that store data about citizens in Europe.

As a customer at Cloud.dk, you may store information and data on one or more servers hosted by us. It is important to know that as soon as you collect personal data about other EU citizens – for example names, addresses, email addresses etc. - you are data controller for that data. That means that you have the ownership of the data. As data controller, it is your responsibility that you process data in accordance with the regulation and that you can prove this compliance.

If you use another company, a supplier of some kind, to process or store data for you, they are data processors. Do you store personal data at Cloud.dk, for example at a Cloud Server, we are data processor as we process data on behalf of the data controller, in this case you.

However, as a data controller you are still responsible for the data, even if it is stored with others. In order to ensure that you comply with the General Data Protection Regulation, it is therefore important to enter into data processing agreements with all your data processors. Most likely you have more than one. You can request a data processing agreement with Cloud.dk here: https://cloud.dk/en/compliance. On this page, you can also read more about the sub data processors we use, and you can keep up to date on how we comply with GDPR.

You can find more information and instructions for GDPR here:

Written by Anders Eiler. CTO @ Clouddk