General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is the European data protection regulation adopted by the EU Commission to replace the EU Data Protection Directive, also known as Directive 95/46/EC. The GDPR applies to both individuals and businesses and regulates the way in which personal data of citizens in the European Union should be handled.
We would like to provide you with answers to some of the questions that we hear from our customers relating to GDPR. We also want to provide some detail on what we have done to become GDPR compliant and what services we offer to our customers to help them meet their compliance obligations.
FAQs about (GDPR)
Phocas continues to treat customer data with the required level of sensitivity and confidentiality. Phocas uses Rackspace, one of the leading cloud service providers, as its sub processor. Learn more about the Rackspace security practices at https://www.rackspace.com/compliance.
Phocas will continue to invest in the security of its customer solutions to ensure it remains compliant with applicable legislation.
Provided certain legal mechanisms are in place, EU customers can host personal data outside of the EU. Personal data may be transferred outside of the EU and the EEA when an adequate level of protection for that data is guaranteed.
To help achieve this level of protection Phocas uses AWS and Rackspace as its sub-processors for cloud provision. AWS and Rackspace ensure adequate safeguards are in place, including entering Standard Contractual Clauses 2010/87/EU, approved by the European Commission, with third party recipients.
Please contact your account manager if you need a Rackspace Data Processing Addendum that includes EU Standard Contractual Clauses.
The current laws allow Phocas and its sub-processors to process personal data and therefore support your services from outside the EEA if you have given us your consent, or if data is transferred to a non-EU jurisdiction deemed by the European Commission to offer an adequate level of protection for personal data, or if the transfer is subject to model contracts.
Phocas is able to offer high quality support by operating a 24/7 "follow the sun" support model that leverages our support consultants in the countries where we operate. Therefore sometimes we will need to provide you with support from outside the EU. We comply at all times with applicable laws.
Transfers of personal data originating from other locations globally to Phocas affiliates are subject to the terms of the intra-company data processing agreement which requires all transfers of personal data to be made in compliance with applicable Phocas security and data privacy policies and standards.