How our platform vScope relates to GDPR and our efforts to live up to the requirements of GDPR
May 14th, 2018
MALMÖ, Sweden, May 14, 2018 – The General Data Protection Regulation (GDPR) affects anyone whose business involves handling personally identifiable information about EU residents or within the EU. Trust is paramount for us and everyone at InfraSight Labs takes personal data very seriously. This article provides an overview of how InfraSight Labs as a company and our platform vScope relates to GDPR and our efforts to live up to the requirements of GDPR.
InfraSight Labs as a data processor
Most of vScope data is not at all related to GDPR. vScope is an on-premise solution meaning that you process the data locally and InfraSight Labs will in most cases never touch any of it. vScope is only visualizing information that already exists in other systems and can furthermore never read, store or process any content, personally identifiable or not, in any type of database like client registers, patient registers, spreadsheets or or similar.
If you as a Data Controller can establish what data your organization is storing and why you are storing it, you will also be compliant in regards to vScope and GDPR.
There are two instances where InfraSight Labs may be a data processor:
- Online Backup of vScope data is offered as a complimentary service included in the vScope license.
- To be able to troubleshoot issues and improve vScope, InfraSight Labs will from time to time ask you to send us support data. This data may contain personally identifiable information.
Using these services, means that you have engaged InfraSight Labs as your data processor to carry out this activity on your behalf. Furthermore, for hosting companies or any other company processing data on behalf of clients this means InfraSight Labs may serve as a sub-processor.
All customers have a contractual relationship with InfraSight Labs AB, an entity based in Sweden.
The GDPR establishes strict requirements for moving data outside of its scope of protection. InfraSight Labs is never moving any data outside of the EEA and all data is stored in our datacenter in Malmö, Sweden. We also acknowledge that should we ever change this policy and engage sub-processors outside the EEA, it is our job to ensure that we transfer the data lawfully and that we are transparent with you about these transfers.
InfraSight Labs as a data controller
Additionally, InfraSight Labs acts as the data controller for the personally identifiable information we collect about you as a user of vScope and our website. We process:
- Data that is necessary for us to perform our contract with you (GDPR Article 6(1)(b)).
- Data to meet our obligations under the law (GDPR Article 6(1)(c)) — this primarily involves financial data and information that we need to meet our accountability obligations under GDPR.
- Personal data for our legitimate interests in line with GDPR Article 6(1)(f).
InfraSight Labs take your privacy very seriously. If you have any questions with regards to the above or need support on your specific case, please reach out to our Data Protection Officer at firstname.lastname@example.org.
About InfraSight Labs
InfraSight Labs is a Swedish software company that develops vScope, a platform for IT inventory. From its base in Malmö, InfraSight Labs has grown from a small startup to a well-known company within the IT industry of Sweden. Today hundreds of organizations use vScope to excel in their IT delivery.
Using vScope for your GDPR compliance
While vScope doesn’t process much Personally Identifiable Information, it can still be highly valuable and useful to use in your efforts to become and stay GDPR compliant. Updated IT documentation, security audits, gap analysis, access management are some of the features/use cases that is provided by vScope. Using vScope will help your organization to facilitate the transparency needed to both getting compliant as well as staying compliant. vScope provides a great platform for IT to share reports and collaborate with other units of the organization meaning that there is really no technical skills required to access IT-information.