GDPR

Effective July 22th, 2020

Umbish Tech follows global regulations and industry practices in order to maintain privacy and security of its customer’s data. All our products provide GDPR-ready capabilities to help our customers meet their compliance obligations. Umbish Tech extends these capabilities not only to customers in the EU, but to all our customers worldwide, as per the regulations.


1. What is GDPR?

GDPR is an EU-wide privacy and data protection law that regulates how EU residents' data is protected by companies and enhances the control the EU residents have, over their personal data.

The GDPR is relevant to any globally operating company and not just the EU-based businesses and EU residents. Our customers’ data is important irrespective of where they are located, which is why we have implemented GDPR controls as our baseline standard for all our operations worldwide. GDPR has taken effect from 25th May 2018.


2. Where does the GDPR apply?

This law doesn't have territorial boundaries. It doesn't matter where your organization is from — if you process the personal data of subjects of the EU, you come under the jurisdiction of the law.


3. Who does it apply to?

GDPR applies to any organization that works with the personal data of EU residents. This law introduces new obligations for data processors while clearly stating the accountability of data controllers.


4. What are the penalties for non-compliance?

A breach of the GDPR incurs a fine of up to 4% of annual global turnover or €20 million (whichever is greater).


5. Does the GDPR require EU personal data to stay in the EU?

No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside the EU. Our data processing addendum, which references the European Commission’s model clauses, will continue to help our customers facilitate transfers of EU personal data outside of the EU.