The General Data Protection Regulation (“GDPR”), set to go into effect on May 25, 2018, is an iteration of the existing data protection law defined and enforced by the European Union (“EU”). The GDPR is a substantial overhaul of the existing data protection framework under the European Union Data Protection Directive, as the world and technology have greatly evolved over the years.

The GDPR imposes new rules on organizations that offer goods and services to people in the EU, or that collect and analyze personal data tied to EU data subjects.
Failure to comply with the GDPR can result in extremely high fines; the higher of up to 4% of global turnover or €20 Million Euro.

We are fully committed to comply with GDPR prior to its effective date, thus, for months, we have designated an internal team, which are accompanied by the company’s legal consultants and other professional and expert consultants, for the sole purpose of ensuring all required actions are taken in order to achieve GDPR compliance.

We have invested, and will continue to invest substantial efforts and resources to support the GDPR compliance process.

Following is an overview of the Process and the actions which are currently accomplished by us:

  • We are in the process of an in-depth audit of the for the purpose of obtaining the ePrivacy seal ensuring compliance with the GDPR requirements.
  • We have completed the process of mapping out all of our data sets and our technical and organizational security measures, all as stipulated in our security policy. For more information please visit: Security.
  • We have ensured there is an applicable lawful basis for any and all processing of EEA users’ Personal Data.
  • We have ensured all documents, including without limitations, agreements, privacy policies online terms, DPAs are compliant with applicable GDPR requirements.
  • We have appointed a DPO in order to ensure ongoing compliance with the GDPR which can be contacted at dpo@ironmountain.tech
  • We have trained our personal and employees to educate them on the GDPR, company’s data practices and the importance of security.