The EU General Data Protection Regulation (GDPR) is a significant piece of European legislation which came into force on May 25, 2018. It builds on existing data protection laws, strengthening the rights that EU individuals have over their personal data, and creating a single data protection approach across Europe.
BlackFog products have been designed to be GDPR compliant and limit the collection of personally identifiable information whenever possible. In fact BlackFog products have been specifically designed to limit data collection by third parties. The following information is collected by each edition.
- All standard editions of BlackFog ensure that data remains on each device. The only outbound data sent to BlackFog consists of license verification and the lookup of unknown IP addresses for the purpose of threat detection and blocking.
- Enterprise and Professional editions of BlackFog additionally send alerts to a centralized cloud console for monitoring attacks across devices. This information includes the device name, specifications, the potential threat location and activity. Data from the console is stored for 90 days unless otherwise extended by the customer and then purged.
Customer records are retained while a customer has an active account with BlackFog and is purged within 90 days of ceasing to be an active customer. No credit card information is ever stored with BlackFog. This is directly handled by the current financial transaction provider.
BlackFog’s Enterprise console runs on Amazon Web Services. The European Union (EU) data protection authorities known as the Article 29 Working Party has approved the AWS Data Processing Agreement (DPA), assuring customers that it meets the high standards of EU data protection laws. No other third parties are engaged in BlackFog’s service.