61246: GDPR Compliance

use Google Translate

Last update: 16-02-2023

What is GDPR?

The European Union (EU) General Data Protection Regulation (GDPR) is coming into effect on May 25, 2018. GDPR applies to any information that identifies, directly or indirectly, an individual in the European Union.   A business that stores personal data with Acronis is the “controller” for the personal data and Acronis is the “processor” for the personal data.  A controller has the legal liability for complying with GDPR, including the requirement of a “contract or other legal act” under GDPR’s Article 28(3).

What is a DPA and why do I need it?

GDPR requires controllers to put agreements into place with their processors that contain rules governing the processing data for the controller. GDPR imposes the obligation on the controller, not the processor. Nonetheless, Acronis has prepared a GDPR compliant data processing addendum (DPA) for data controllers with whom Acronis has an existing contract. The DPA reflects Acronis’ commitment to assisting controllers with their privacy and data protection compliance. The Acronis DPA contains all the terms and commitments required by GDPR for contracts between controllers and processors and between processors and sub-processors. It also includes the Standard Contractual Clauses for international transfers of data out of the EU/EEA/Switzerland.  

Please note that if you are a reseller, distributor or corporate end user who obtains Acronis cloud products through a service provider, or other reseller or distributor, you need a DPA with that service provider, or other reseller or distributor. Only controllers who purchase directly from Acronis can enter into a DPA with Acronis.

How can I get the DPA?

Send a request to data-protection-office@acronis.com or contact your Partner Account Manager/Technical Account Manager. Include into the request full legal company name, registration email address (or license certificate, if applicable) and full name and email address of the person, who will be signing DPA on your behalf. 

Please note that DPA is not needed if you process all the data inside your premises (without Acronis Cloud). Acronis is not a data processor in such cases.

What kind of personal information does Acronis collect?

All information about what information Acronis collects and how it is used is described our Privacy Statement: https://www.acronis.com/en-us/company/privacy.html

Is Acronis ISO 27001 certified? 

Yes, Acronis is ISO 27001 certified

I save backups to Acronis Cloud. Where is my data stored?

You can find locations of Acronis Cloud Data Centers on Acronis website here

What security measures Acronis uses to keep data in the Cloud protected?

Please see Acronis Cloud Data Centers - a Primer on Security, Privacy and Compliance for more information.

For more information about GDPR, visit our website at https://www.acronis.com/en-us/gdpr/

Note:  This article is for informational purposes only. It is not legal advice, and you should not treat it as legal advice. If you have questions about GDPR that our website doesn’t answer, you should consult with your legal counsel.