General Data Protection Regulation (GDPR) is the legal framework for data privacy across the European Union which has been in force since 25 May 2018. Its official title is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
The purpose of the GDPR is to harmonise a set of standardised data protection legislation across the European Union (EU) and the European Economic Area (EEA). Furthermore, one of the fundamental principles of GDPR is also extraterritorial where the remit of the Regulation goes beyond the frontiers of the EU and EEA in certain circumstances.
Definitions of GDPR
GDPR runs to over 99 articles and a further 173 recitals in which guidance is given to data processors, controllers and individual citizens. Article 4 contains a list of definitions; some of which are listed below:
- Personal Data: any information which makes a natural person (“data subject”) identifiable
- “Processing”: any operation or set of operations which is performed on personal data or on sets of personal data – automated or otherwise.
- Controller: the natural or legal person, public authority, agency or other body which alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Cloudalize as a Processor
According to the definition of GDPR, Cloudalize is a “Data Processor” because it processes personal data on behalf of data controllers. This is the case when you as a data subject use the services of Cloudalize or your personal data is stored on Cloudalize’s infrastructure. Cloudalize processes data according to the regulations and recitals of GDPR. As such, Cloudalize asserts the following:
- Process data only for the purpose of providing better services to you;
- Store your data inside the EU and other third-countries which provide sufficient data protection legislation meeting portability requirements of the European Data Protection Board (EDPB);
- Apply encrypted security features as standard;
- Report any data breach to you without “undue delay”;
- Execute a Right-to-Erasure request under Article 17.
Cloudalize as a Data Controller
Under articles 13 and 14 of GDPR, you have the right as an individual:
- To ask Cloudalize who we are and why Cloudalize is asking you for personal data;
- To know Cloudalize’s purpose for collecting personal data and the legal basis for doing so;
- To know the identity of Cloudalize’s Data Protection Officer (DPO) and the means for contacting this person;
- To know how long Cloudalize plan to store your personal data, as well as other specific rights detailed below;
- To know which organisations are the recipients of any personal data that you have provided to Cloudalize;
- To request that Cloudalize stop collecting and processing your personal data by withdrawing your consent at any time without affecting the lawfulness of processing;
- To have your data sent to you in a machine-readable format for data portability;
- To lodge a complaint with the Belgian Data Protection Authority (DPA) if you believe Cloudalize has violated your rights as a Data Subject.
Article 15: Right of Access by Data Subject
Under Article 15, you have the right to have access to the personal data that Cloudalize has collected on you. This includes for the purposes of processing, categories of personal data, recipients of your personal data, anticipated length of storage of your personal data as well as restriction of processing, objecting to continued processing and erasure as described in Article 17 below.
Article 16: Right to Rectification
You have the right to ask us to correct any errors or incomplete statements in your personal data. You may submit a supplement indicating the corrections to be made and ask Cloudalize to provide you with a corrected personal data entry.
Article 17: Right to Erasure
On deactivation of a Cloudalize account, you have the right under Article 17 of GDPR to have any data deleted. This request must be submitted as support ticket quoting Article 17 GDPR – Right to Erase
Article 39: Data Protection Officer (DPO)
Article 47: GDPR Expertise
Cloudalize employees receive regular GDPR training as outlined in Article 47. This training is supervised by the Data Protection Officer of Cloudalize as part of the tasks outlined in Article 39.
Legislation of the Kingdom of Belgium
GDPR was adopted into Belgian federal legislation by the Law of 30 July 2018. This legislation applies to the processing of personal data – in the context of the activities of an establishment of a controller or processor – on the Belgian territory, regardless of whether the processing takes place on the Belgian territory or not.
Cloudalize reports to the Belgian Data Protection Authority (DPA).
Note: Originally published on 5 November 2019; Updated on 24 November 2020
- European Union (2018) General Data Protection Regulation (GDPR). Available here.
- European Directorate-General of Justice (2018) EU data protection rules Available here.
- Belgian Data Protection Authority (2020) Lodge a complaint Available here
- European Data Protection Board (EDPB) (2019) About EDPB Available here
- Law of 30 July 2018 on the Protection of Individuals with Regard to the Processing of Personal Data