On May 25, 2018, a new European data protection regulation approved by the EU Commission will become effective. The General Data Protection Regulation (GDPR). replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, protect and empower all EU citizens’ data privacy, and regulate how organizations across the region manage data privacy. This will strengthen security.

In light of this, we want to update you on what MGT-Commerce has done to ensure that we will be ready for GDPR and what services we offer our customers to help them meet their compliance obligations.

In addition, we would like to provide answers to some of the queries we often receive from our customers. If you do not find the information you are looking for on this page, feel free to contact us.

FAQs about the General Data Protection Regulation

Will GDPR change the way MGT-COMMERCE GmbH treats customer data?

MGT-COMMERCE GmbH continues to treat customer data with the required level of sensitivity and confidentiality. MGT-COMMERCE GmbH will remain investing in the security of its customer solutions to ensure it stays compliant with applicable legislation.

Is there a data breach of the data protection laws if MGT-COMMERCE GmbH transfers my personal data outside the EU/EEA?

The current laws allow MGT-COMMERCE GmbH to process personal data and therefore support your services from outside the EEA if you have given us your authorization or if data is transferred to a non-EU jurisdiction deemed by the European Commission to offer an adequate level of protection for personal data, or if the transfer is subject to model contracts.

When it comes to customer data, is MGT-COMMERCE GmbH a controller or a processor?

Under the GDPR, a “controller” determines why and how personal data is processed. A “processor” processes personal data on behalf of the controller. MGT-COMMERCE GmbH has limited knowledge of the data that each customer processes via the hosting infrastructure (“Customer Data”). Also, MGT-Commerce only processes Customer Data in accordance with the customer’s instructions. Therefore, MGT-Commerce is a processor of Customer Data hosted at MGT-Commerce; the customer is a controller.

With the new GDPR, can an EU customer continue hosting personal data outside the EU/EEA?

European Union customers can host personal data outside the EU, provided certain legal mechanisms are in place. When that data is protected adequately, personal data may be transferred outside of the EU and the EEA.

Will the Data Protection laws/GDPR apply when Britain leaves the EU?

The U.K. legislation on data protection (Data Protection Act 1998) is derived from the EU Directive on data protection. The U.K. Information Commissioner has confirmed that it will comply with the GDPR as the new General Data Protection Act, effective from May 2018, will replace the U.K. legislation. This will be done to enable the U.K. to do business in Europe.

What services does MGT-COMMERCE GmbH offer to help me comply with GDPR?

Firstly, review the GDPR to decide whether it applies to your organization. If GDPR applies, ensure that you implement appropriate technical and organizational measures to ensure and demonstrate that any data processing is performed in compliance with GDPR.

While we cannot guarantee that your company is GDPR-compliant, we offer many products and services to help you meet some of the GDPR requirements. We advise you to always work with a legally qualified professional to discuss GDPR, to understand how it applies specifically to your company, and to find the best manner to ensure compliance.

Please contact a representative at MGT-COMMERCE GmbH so we can help design a solution to fit your business needs.

How do I update my current agreement with MGT-COMMERCE GmbH in light of GDPR?

Customers who need to incorporate GDPR provisions into their agreement can follow the instructions in the following document.

Helpful Links

Amazon’s EU Data Protection information is easily accessible here:
https://aws.amazon.com/compliance/eu-data-protection/.