The General Data Protection Regulation (GDPR) was enforced on May 25th, 2018. GDPR is a legislative change in the EU data protection laws which seeks to strengthen the security and privacy of personal data in the EU. KeyCDN is committed to adhering and meeting the requirements of this new regulation to ensure the security and privacy of both our customers and residents of the EU.
To satisfy the requirements of GDPR we've implemented several best practices and processes as specified by the GDPR guidelines.
GDPR applies to any company or organization that collects personal data of EU residents. This not only applies to companies or organizations within the EU, but to those anywhere in the world as long as they are collecting EU-resident data.
KeyCDN customers typically act as data controllers, whereas KeyCDN acts as the data processor. Data controllers determine why and how data will be processed while data processors process the data on their behalf. As a controller, you are responsible for, and need to be able to demonstrate, compliance with the principles of processing personal data. These are: lawfulness, fairness and transparency, data minimization, accuracy, storage limitation and integrity, and confidentiality of personal data.
KeyCDN allows data controllers to gather visitor log information for the purpose of analyzing, testing, and troubleshooting. Client IP addresses are anonymized within the content delivery logs provided. Furthermore, statistical data is aggregated and does not contain any personal data.
There are scenarios where personal data may be collected through visitors browsing a website, which depends on how such a website is structured. This includes information stored in the user-agent, referrer or URL. As soon as those fields contain personal data, it is defined as an order or commission for data processing according to Article 28 of the GDPR (General Data Protection Regulation, a European Union regulation). In the event that this applies to you, you are required by law to complete a Data Processing Agreement (DPA). Please open a support request to receive the agreement.
We are committed to our customers' success, including compliance with the GDPR. Our privacy team is continually reviewing our features and practices to ensure we support our customers with their GDPR compliance requirements.
We encourage all of our customers to start reviewing their data security processes in preparation for GDPR compliance.