GDPR

How ReeVo complies with the European Data Protection Regulation

What is the General Data Protection Regulation (GDPR)?

The GDPR is the regulation passed by the European Union (EU) parliament to strengthen data protection for all individuals within the EU. The Regulation protects the fundamental right to privacy and protection of citizens' personal data. It introduces stringent requirements that define and harmonise new compliance, security and data protection standards.

Compliant with the regulation

ReeVo services are compliant with the General Data Protection Regulation

This means that, in addition to benefiting from all the measures ReeVo already employs to maintain the security of the services it provides, our customers can use ReeVo services as an essential part of their GDPR compliance plans. ReeVo's services are all hosted in data centres located in Italy and offer the appropriate security and data protection guarantees to address the constraints of the new regulation.

The GDPR, which replaces and surpasses our Privacy Code, represents an evolution of the previous legislation, to which it adds new security criteria and responsibilities, as well as new obligations. In particular, the new European legislation requires that privacy and data protection be guaranteed in advance and those who process data are held responsible for their own risk assessment capabilities and also for the selection and certification of suppliers and partners.

The GDPR is in line with the way we think and act. Our security practices have always complied with the most widely accepted regulations and standards, and our focus on our customers has always included the strict protection of hosted personal data.

The GDPR provides for a big change in the approach to be used. It explicitly introduces several principles that were previously the basis of data protection law, such as the 'responsibility principle' and 'privacy by design', and encourages companies to take more responsibility for the protection of the personal data they handle.

It means that companies handling personal data must think about data protection from the moment they design processes and choose the systems with which to implement them, and not simply review the privacy implications after a product or process has been developed. If you process data on a large scale or deal with sensitive information, in some cases you will have to conduct a data protection impact assessment to meet the principles of privacy by design.

Every company must not only comply with the principles outlined in the GDPR, but must also demonstrate such compliance in line with the principle of accountability. This requires a comprehensive and clear internal privacy governance structure, as well as the use of trusted information processing providers.

Under the GDPR, companies are required to put in place a strict breach notification system and understand their specific obligations to report such breaches.

Why are ReeVo services GDPR-ready?

Privacy by design and privacy by default

Article 25

ReeVo has designed and engineered its services taking the utmost care of data protection requirements both in the design phase and in the development and production phase. The systems architecture and working methodologies applied serve to minimise the use of customers' personal data and to provide a secure and versatile platform, suitable for handling the data of its partners and their customers with peace of mind.

Data security

Our services are characterised by the highest security standards on the market throughout the information processing lifecycle. ReeVo provides its services using an infrastructure within Data Centres certified to the highest quality and security standards (ISO9001, ISO27001, TIER4, LEEDS, PCI DSS...). The services are available 24 hours a day, 365 days a year, thanks to advanced management and continuous monitoring systems and state-of-the-art technologies that guarantee continuity of services.

Transfer to third countries

The European Regulation sets strict limits for the transfer of data outside the European Union, and this also applies to the services and systems that host the data. As data may be stored in multiple locations by cloud service providers, it is possible that in many cases personal data may be stored outside the European area. ReeVo's services are provided and hosted entirely in Italy, which simplifies our customers' data management system and reporting processes for GDPR compliance of their processing.

Our role in your privacy system

ReeVo acts as the Data Controller for the data relating to the Customer under the signed service contract, the Customer's access information and the related logs. It acts as a Data Processor, as provided for in Article 28 of the GDPR, for the management of third-party data on the systems used to provide the services, whether the Customer is the Data Controller or is itself a Data Processor.

The Data Protection Officer

The Data Protection Officer (DPO) is the new guarantor figure introduced by the GDPR who has the task of overseeing the application of the Regulation. ReeVo has appointed an external and independent Data Protection Officer to ensure constant monitoring of its compliance with the regulations and to verify the protection of its customers' personal data.

Find out how ReeVo's services help you meet the requirements of the regulation

The secure and certified Cloud

IaaS - Cloud Datacenter

The safe and secure IaaS service, daily backup included against the risk of data loss (GDPR - Art. 5, para. 1). Fully redundant infrastructure on host, storage and network (GDPR - art. 32, para. 1), secure and encrypted VPN channels to protect the connection to the Cloud and monitoring systems (GDPR - art. 32, para. 1).

DRaaS

A complete Disaster Recovery service for guaranteed continuity of your business, easy configuration and timely restoration of data access (GDPR - Art. 32). Activate the DR service in the geographical Datacenter of your choice among the Reevo Data Centres in Italy.

Hybrid Cloud

Secure your physical environment in our Data Centres located throughout Italy, certified to the highest quality standards.

Extend your infrastructure in total security in the Reevo Cloud through the redundant network and firewall system to ensure the proper functioning of the network (GDPR - art. 32, paragraph 1).

Mailbox Exchange

Protect your company's internal and external communication with an enterprise mail service. Role Separation, DAG, Load Balancing and High Reliability Redundancy guarantee maximum service availability (GDPR - Art. 32, para. 1, par. b). Anti-Spam and Antivirus filters reduce any attempt at virus, malware or phishing attacks (GDPR - Art. 1, para. 1).

Cloud Backup

Store backups of your data securely with AES 256-bit encryption to reduce any risk of breach (GDPR - Art. 5, para. 1) and an SSL channel for protection during data transmission (GDPR - Art. 32, para. 2).

Object Storage

Stores large quantities of data with maximum security; all data are automatically protected with multiple copies on different nodes, thus guaranteeing constant accessibility and data integrity (GDPR - Art. 32, para. 1). Connection is via the standard HTTPS protocol, which guarantees privacy and security (GDPR - Art. 32, para. 2).

One-month free evaluation version

Activate ReeVo services free of charge and start protecting your customers' data in our Digital Safe