GDPR Compliance
What is GDPR?
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reshape the way organizations across the region approach data privacy. The enforcement date of GDPR is 25 May 2018.
Is Magnus Box GDPR Compliant?
Magnus Box can be part of your GDPR compliant backup offering; however, you will have to ensure that you fulfil your own GDPR obligations as well. It may be advantageous to engage a GDPR consultant or agency to ensure your compliance.
What aspects of using Magnus Box will help with providing a GDPR compliant backup offering?
- Encryption: Magnus Box always encrypts all user data before storing it. It remains encrypted during transfer and also at rest in the storage destination. Even in a scenario where the storage destination is compromised, the data remains unreadable.
- Server and Storage Locations: Currently Magnus Box's storage arrays are located in the United States and the EU. It is a huge misconception that EU data has to stay in the EU. Because the data is encrypted and unreadable, it meets the requirements for GDPR.
- Access: We respect the privacy and security of your server instance. In the unlikely event that Magnus Box staff would require direct access to your Magnus Box server instance, your consent will be sought first, and this access will only be undertaken if consent is granted by you.
- Removal of data: You have total control over the data, including deletion options if a customer requests deletion from you. Once a storage bucket or user is deleted, it is removed from the Magnus Box network immediately.