GDPR FAQ

What is GDPR?

It's a new framework for data protection that's meant to unify the various data protection laws across Europe. The new agreement was approved in April 2016 and will be enforced starting May 25, 2018. US businesses that have offices in Europe or collect or use EU data for any reason will be affected.

When it comes to hosted data, is Online Tech a controller or a processor?

Let’s start with a very quick explanation of what ‘controller’ and ‘processor’ mean. A controller is the person who determines why and how personal data is processed. A processor is the person who processes personal data on behalf of the controller. Online Tech is primarily responsible for providing its customers with hosting infrastructure and does not regularly have access to data kept on its servers. We only process hosted data in accordance with the customer’s instructions. With this in mind, Online Tech is a processor of hosted data; the customer is a controller.

Will GDPR change the way Online Tech treats customer data?

We will continue to treat customer data with the sensitivity and confidentiality required. All of Online Tech’s fully managed solutions meet compliance and security requirements of PCI, SOC 1 and 2, HIPAA and Privacy Shield. In addition, Online Tech will be adding ISO 27001 and HiTrust to its compliances in 2018. As always, we will continue to invest in the security of our customer solutions to ensure they remain compliant with applicable legislation.

With the new GDPR, can an EU customer continue to host personal data outside of the EU?

Provided certain legal mechanisms are in place, EU customers can host personal data outside of the EU. EU law provides that personal data may be transferred outside of the EU and the EEA when an adequate level of protection for that data is guaranteed.

To help achieve this level of protection, we are Privacy Shield certified: https://www.privacyshield.gov/participant?id=a2zt0000000TOxEAAW&status=Active

Privacy Shield is a US Department of Commerce program that enables companies to self-certify. It allows for the transfer of personal data from the EU to the US and focuses on the methods of data transfer, including third-party transfers. The agreement is designed to ensure that when a non-EU company processes personal data which has come from the EU, such processing is compliant with EU data protection standards.

Do we have a procedure for handling complaints raised about customer hosted data?

Please see our privacy policy for how Online Tech handles customer data: http://www.onlinetech.com/privacy

How does Online Tech handle Data Processing Addendums?

We are in the process of creating our own Data Protection Addendum (DPA) to serve as a contract for how we specifically process data from outside the United States. If you have your own DPA that you require us to sign, please contact Jason Yaeger.
