Blackpoint Cyber is thrilled to announce that we are officially GDPR compliant! We have always been dedicated to the protection of businesses and their data. In 2023, we formally invested in internal resources and collaborated with external stakeholders to enhance our data security and data privacy measures. Today, we proudly support our European partners and their clients with fully implemented, comprehensive privacy policies, procedures, and controls across our enterprise.

What is the GDPR?

The European Union’s General Data Protection Regulation (Regulation (EU) 2016/679) (“ EU GDPR”) is a privacy regulation intended to improve data protection within the European Economic Area (“EEA”) that went into effect on May 25, 2018, and became effective in the UK post-Brexit on January 1, 2021 (“UK GDPR,” and together with EU GDPR, referred to in this post as “GDPR”).

The GDPR gives European citizens greater control over their personal data and standardizes data handling regulations across EU member states. It applies to any organization, worldwide, that targets or collects data from EEA or UK residents. Personal data is broadly defined as any information relating to an identified or identifiable person.

What is Blackpoint’s Role?

Blackpoint Cyber acts as a Data Processor for the MSP Partners and End Customers that leverage our MDR Services. Our MSP Partners and End Customers in turn act as Data Controllers and are responsible for determining Blackpoint’s purposes and means of processing personal data in compliance with GDPR. To ensure GDPR compliance and support our partners, clients, and vendors, we have established internal policies, procedures, and organizational and technical measures to protect the processing of personal data.

What Does This Mean?

Customers signing up for Blackpoint Cyber MDR Services can be sure of the following:

  • Awareness and Training: All Blackpoint Cyber personnel are informed of GDPR compliance requirements and receive annual training on data privacy.
  • Privacy Policy: Blackpoint’s privacy policy has been updated for GDPR compliance and is available here.
  • Data Breaches and Incident Response: Blackpoint has robust policies for handling data breaches and incidents, detailed in our Partner Responsibility Playbook for existing customers.
  • Data Residency: Blackpoint may transfer data to AWS infrastructure in the US and vetted third parties. We use Standard Contractual Clauses (“SCCs”) for such data transfers to ensure compliance.
  • Third-Party Processors: Blackpoint uses AWS, which complies with EU data protection standards. Our Data Processing Addendum lists all sub-processors, with agreements ensuring adequate data protection practices.
  • Assistance to the Data Controller: Blackpoint assists Data Controllers in fulfilling their GDPR responsibilities, with policies to handle data subject requests.

Blackpoint is committed to maintaining the highest standards of data privacy and security, which are critical to ensuring business resiliency today. Recognizing the important role of data privacy today around the world, we plan to continue to implement privacy by design at Blackpoint, ensuring our customers are afforded their rights in accordance with applicable data protection laws. We plan to continually invest in and strive for excellence in this domain, helping our customers and partners understand what personal data we process on their behalf, and how we protect it at every step of their engagement with us, to ensure they do not expose themselves to additional risks like identity theft, reputational damage, and others.

The responsibility to protect our customers is a core value at Blackpoint, and one which resonates across the company. If you are a customer or a prospect in need of a DPA with us, please contact our team at [email protected].

Written by Julia Srienc, Director of Internal Security & Compliance