LogMeIn & GDPR FAQs
Answers to frequently asked GDPR questions and learn how LogMeIn is committed to meeting all the requirements.
Q) As a US company, does LogMeIn need to follow the GDPR?
A) Yes. As a global software-as-a-service provider, we have many customers in the EU which means the GDPR applies equally to us, and we will, therefore, adhere to the new regulations no later than May 25, 2018.
Q) I've read of ‘data controllers’ and ‘data processors’. What’s the difference and which one is LogMeIn?
A) To paraphrase the formal text: (a) a Data Controller is the owner of their information and decides how that information should be used; and (b) a Data Processor is a person or entity who processes the personal data of the Data Controller and carries out instructions of the Controller with regard to this data. Generally speaking, our customers will be the Controllers of their Content (as the term is defined in our Terms of Service), including any associated personal information, they place or generate in our systems, and LogMeIn will be the Processor on their behalf. In some limited and disclosed instances, such as when we collect data from a customer in order to create an account, LogMeIn will be the Controller. Formal definitions from the GDPR full text may be found here: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf
Q) Does the GDPR stop a company from storing information outside of the EU?
A) No, there is nothing in the GDPR text that prevents or suggests this requirement. The GDPR does outline that Data Processors must protect personal data appropriately, regardless of where it is stored. Further, the GDPR does not invalidate or override the EU Model Clauses or the EU-U.S. Privacy Shield Framework, which are both legally valid mechanisms to ensure the legal transfer of personal data into and out of the EU.
Q) When do GDPR regulations become “in force”?
A) May 25, 2018
Q) How will LogMeIn prepare for the “in force” date?
A) We’re approaching this with a combined product, security, legal, IT, and data team, together with outside data privacy experts and third party compliance tools to address policies, processes, products, and people. The teams have been documenting data use within products, locations of processing, and readying, revising, and implementing the necessary functionality, procedures and practices.
NOTE: The above information is provided by LogMeIn for informational purposes only and is not intended to serve as legal advice. You should contact your attorney to obtain advice with respect to any particular GDPR question, issue or problem.