The General Data Protection Regulation (GDPR)

Digital Millennium Copyright Act Services Ltd are committed to protecting your privacy. The General Data Protection Regulation (GDPR) is a landmark privacy law affecting the European Union (EU). The following outlines the efforts of DMCA.com to become compliant with the GDPR by the regulation deadline of May 25, 2018.

GDPR basics

What is the GDPR? The General Data Protection Regulation (GDPR) is a new privacy legislation that replaces the EU Data Protection Directive (Directive 95/46/EC) within the European Union. The GDPR regulates the collection, use, transfer, and sharing of personal data with the key purpose of protecting it. What constitutes personal data? Personal data includes any information related to a living resident or citizen of the EU that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, medical information, or even an IP address or cookie. Who does the GDPR affect? The GDPR affects companies processing the personal data of individuals residing in the European Union, regardless of a company’s location. It applies not only to organisations located within the EU, but also to organisations located outside of the EU if they offer goods or services to or monitor the behavior of EU residents and/or citizens. How will the GDPR affect businesses? The GDPR requires organisations to be transparent on how personal data is collected, used, and stored. This requires transparency from organisations on what personal data is collected, purposes for which it is collected, and who it is shared with. It also requires companies to enable individuals whose personal data is being processed to exercise their rights in relation to their data. The GDPR also requires companies to ensure appropriate protections when EU personal data is transferred outside the EU (including transfers to the US). What new user rights does GDPR regulate?

1. • Right to Access. EU residents and citizens (or “Data Subjects,” as they are called in the regulation) have the right to obtain confirmation from the organisation that has collected their data as to whether their personal data is being processed, where, and for what purpose. They also currently have (and will continue to have under the GDPR) the right to receive a copy of this personal data.
2. • Right to Be Forgotten (or Data Erasure). Data Subjects can demand that the organisations erase their personal data and cease further dissemination of the data.
3. • Data Portability. Data Subjects can receive the personal data concerning them (which they have previously provided) in a machine-readable format and have the right to transmit that data to another organisation.

Why is it so important for businesses to be compliant? The GDPR is a regulation that requires businesses to protect the personal data and privacy of EU persons and for transactions that occur within EU member states. And non-compliance could cost companies up to €20 million or 4% of their global annual turnover, whichever is greater.

Digital Millennium Copyright Act Services Ltd and the GDPR

What changes is Digital Millennium Copyright Act Services Ltd making for the GDPR? Digital Millennium Copyright Act Services Ltd has made the following changes to become compliant with the GDPR:

1. • Support for Data Subject Deletion/Access Rights for customers
2. • Updated, GDPR-compliant privacy framework

How does Digital Millennium Copyright Act Services Ltd ensure data security? Digital Millennium Copyright Act Services Ltd currently employs Microsoft Azure platform for client information. This platform uses the Security Development Lifecycle https://www.microsoft.com/en-us/sdl/default.aspx which incorporates privacy-by-design and privacy-by-default methodologies. Digital Millennium Copyright Act Services Ltd can meet and exceed GDPR data protection requirements to secure/encrypt personal data at rest and in transit, detect and respond to data breaches, and facilitate regular testing of security measures

1. Storage REST API over HTTPS, Transparent Data Encryption and the Always Encrypted database engine, as well as Azure Disk Encryption and Azure Storage Service Encryption
2. The Azure platform can ensure Personal information or personal data confidentiality, integrity, and availability of personal data using Advanced Threat Analytics, Application Gateway, Azure Active Directory, Azure Backup, Azure Key Vault, ExpressRoute, Log Analytics, Multi-Factor Authentication, Network Security Groups, Site Recovery, Traffic Manager, and VPN Gateway
3. Microsoft maintains security certifications for Azure, including ISO 27001, SOC 1 & 2 Type 2, FedRAMP, and PCI Level 1.

Does Digital Millennium Copyright Act Services Ltd offer a Data Processing Addendum? Yes, Digital Millennium Copyright Act Services Ltd can provide customers a robust Data Processing Agreement (“DPA”), governing the relationship between the customer and Digital Millennium Copyright Act Services Ltd.

Where can I learn more on how Digital Millennium Copyright Act Services Ltd processes data for customers and/or prospects? Digital Millennium Copyright Act Services Ltd maintains a Privacy Notice on our website that outlines how we collect and use data, how we share the data of customers, end users and leads. Please note, the existing Privacy Notice will be updated for GDPR prior to the GDPR effective date, May 25th.