On May 25, 2018, the most significant piece of European data protection legislation to be introduced in 20 years will come into force when the EU’s General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.
Orbitera, which is part of Google Cloud, is committed to GDPR compliance across our services. We are also committed to helping our customers with their GDPR compliance journey by providing them with the privacy and security protections we have built into our services over the years.
Orbitera customers will typically act as the data controller for any personal data they provide in connection with their use of Orbitera’s services. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller. Orbitera is a data processor and processes personal data on behalf of the data controller when the controller is using Orbitera services. Our terms of service articulate our commitments to customers, and we are updating them to address the GDPR changes and making those updates available to customers in the coming weeks.
If you are a data controller, you are responsible for implementing appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Data controllers’ obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation, and accuracy, as well as fulfilling data subjects’ rights with respect to their data. If you are a data controller, you may find guidance related to your responsibilities under GDPR by regularly checking the website of your national or lead data protection authority under the GDPR (as applicable), as well as by reviewing publications by data privacy associations such as the International Association of Privacy Professionals (IAPP).
You should seek independent legal advice relating to your status and obligations under the GDPR, as only a lawyer can provide you with legal advice specifically tailored to your situation. Please bear in mind that nothing in this article or on this website is intended to provide you with, or should be used as a substitute for, legal advice.