Parse GDPR compliant hosting
Back4app is a Parse server hosting platform. We are ready to help you to be GDPR compliant.
Let's talk about GDPR
What is GDPR?
The GDPR - General Data Protection Regulation is an extensive new European law that mandates how companies can collect, store, delete, modify and otherwise process personal data of EU citizens. The GDPR was adopted on 27 April 2016 and becomes enforceable from 25 May 2018, after a two-year transition period. The GDPR will substitute the EU Data Protection Directive, also known as Directive 95/46/EC, and is intended to standardize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state. It applies to any company that processes personal data of EU citizens, irrespective of whether it has any physical presence in the EU, or even whether it has any EU customers. Companies are also required to pass these obligations down to all of their vendors who may also handle personal data of EU citizens anywhere in the world.
When will GDPR be effective?
GDPR comes into effect on May 25, 2018.
What is a data controller?
An organisation that collects data from EU residents. means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. Back4App clients will usually act as the data controller for any personal data made available to Back4App.
What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements e.g.not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors -- meaning 'clouds' will not be exempt from GDPR enforcement.
What is a data processor?
An organisation that processes data on behalf of a data controller like cloud service providers. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Back4App will typically act as the data processor for any person data made available by our customers.
Who does GDPR apply to?
The GDPR applies to all organizations based inside or outside the EU that processes personal data of EU individuals. According to the European Commission Personal data is any information relating to an identified or identifiable natural person.
Data Controller or Data Processor?
- Back4App clients will usually act as the data controller for any personal data made available to Back4App.
- Back4App will typically act as the data processor for any person data made available by our customers.
Back4App as data controller
Back4App will act as a data controller when it determines the purposes and means of the processing of personal data. Some examples are: (I) When we store data regarding account registration, administration, services access. (II) When were store data regarding support activities.
Does Back4App offer a DPA - Data Processing Addendum?
Back4App offers a GDPR compliant DPA - Data Processing Addendum, allowing customers with GDPR contractual obligations. GDPR compliant DPA is available for download and signature here.
To opt in for GPDR customer must:
- Complete the Addendum by signing and providing the Customer’s full legal entity name, address and signatory information;
Download DPA (PDF) - Submit the completed and signed Addendum to Back4App via email to [email protected]
Audit:
Are Back4App services GDPR compliant?
If you have determined that you qualify as a data controller under the GDPR, Back4App provides GDPR compliant plans. The plans will be covered by the Data Processing Addendum that is part of our Terms of Service. Please note GDPR requirements will be covered only for the customers that sign the DPA and acquire a GDPR compliant plan. All other plans will not cover GDPR requirements.