What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union that comes into effect on May 25, 2018. You can read more about the regulation (EU) 2016/679 at EUR-Lex.

Who does the GDPR effect?

The GDPR is relevant to all EU-based businesses and anyone processing or handling the personal data of EU citizens. If you ever use, record, collect or erase personal data from EU citizens then GDPR will effect you and you should be familiar with what the regulation entails.

What has Divio done to prepare for GDPR?

The GDPR is not news to us and we have long been preparing for it. We are committed to GDPR compliance and welcome the changes.

In addition to providing updated and new policies, a new privacy feature has been added to the Divio Control Panel to allow for greater control over what data our users choose to share with Divio and provide an easy one-step opt-out of emails. 

You can find this feature by logging into the Divio Control Panel and selecting account settings or directly at https://control.divio.com/account/change-privacy-settings/

Furthermore, we have reviewed our service offering and made adjustments in accordance with GDPR compliance.

What is a data subject access request ?

The GDPR introduces a concept of a "Data Subject" which provides the 'right of access' to individuals to confirm their data is being processed and provide access to it.

Recital 63 of the GDPR states “a data subject should have the right of access to personal data which have been collected concerning him or her, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing.”

You can find the relevant section at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679

In accordance with complying, we provide a service for requesting data subject access.

You can find the request form at https://www.divio.com/en/terms-and-policies/data-subject-access/

What can Divio do to assist customers in meeting their GDPR obligations?

The GDPR introduces data processors and data controllers and makes reference to them extensively. We suggest reviewing the GDPR entirely to better understand the roles.

Divio is classified under GDPR as a Processor in that we process data in behalf of data controllers (Controllers). In our role as a Processor, we can assist in the following ways:

  • Supporting our customers in complying with requests from Data Subjects. 
  • Aggregating applicable personal data for customers when replying to requests from Data Subjects
  • Replying to inquiries from supervisory authorities concerning processing activities on behalf of a customer
  • Implementing and conducting Data Protection Impact Assessments

Where can I read about Divio's terms of service and policies?

You can find all our terms and policies at https://www.divio.com/en/terms-and-policies/terms/

In relevance to changes for GDPR :

Personal data protection policy - https://www.divio.com/en/terms-and-policies/personal-data-protection-policy/

Data retention policy - https://www.divio.com/en/terms-and-policies/data-retention-policy/

Privacy notice - https://www.divio.com/en/terms-and-policies/privacy-notice/

I have a question, where can I get more help?

If you have any questions, or encounter any issues, please contact our support.