# GDPR The General Data Protection Regulation (“GDPR”) is a European law establishing protections for the personal data of EU residents that came into force on May 25, 2018. Under the GDPR, organizations that collect, maintain, use, or otherwise process EU residents’ personal data (regardless of the organization’s location) must implement certain privacy and security safeguards for that data. Aquator has established a comprehensive GDPR compliance program and is committed to partnering with its customers and vendors on GDPR compliance efforts. Some significant steps Aquator has taken to align its practices with the GDPR include: ​ * Revisions to our policies and contracts with our partners, vendors, and users * Enhancements to our security practices and procedures * Closely reviewing and mapping the data we collect, use, and share * Creating more robust internal privacy and security documentation * Training employees on GDPR requirements and privacy/security best practices generally ​ * Carefully evaluating and building a data subject rights’ policy and response process Below, we provide additional details about the core areas of Aquator’s GDPR compliance program and how customers can use Aquator to support their own GDPR compliance initiatives. ​ Data Processing Agreements Under the GDPR, “data controllers” (i.e. entities that determine the purposes and means of processing data) are required to enter into agreements with other entities that process data on their behalf (called “data processors”). Aquator offers its customers who are controllers of EU personal data the option to enter into a robust data processing agreement under which Aquator commits to process and safeguard personal data in accordance with GDPR requirements. This includes Aquator’s commitment to process personal data consistent with the instructions of the data controller. ​ International Data Transfers ​ As with prior EU data protection laws, the GDPR requires organizations to use a recognized legal mechanism to transfer data from the EU to other countries that do not have a similar data protection framework. ​ Data Access, Management, and Portability Tools The GDPR gives individual data subjects in certain circumstances the rights to, among other things, access, delete, and make corrections to their data. Aquator is committed to facilitating data subject requests consistent with the GDPR. ​ Privacy Documentation ​ At its core, the GDPR is focused on transparency, fairness, and accountability. Accordingly, the law requires organizations to maintain documentation about their privacy practices and their decisions about how they handle individuals’ personal data. Aquator shares the GDPR’s commitment to these principles, and has included within its ongoing GDPR compliance program documentation about its data collection and processing activities, and the various policies and guidelines it follows pursuant to the GDPR. ​ Data Security The GDPR requires organizations to use appropriate technical and organizational measures to protect the security, confidentiality, and integrity of personal data. Security continues to be a priority for Aquator. Ongoing Compliance and Communication ​ The GDPR’s requirements are comprehensive, but the law and regulatory guidance will evolve. As data protection authorities in Europe interpret the GDPR’s requirements and issue guidance, we will continue to follow these developments closely and evaluate our program for any changes or enhancements as needed. We value communication with our customers. If you have any questions about our GDPR compliance efforts, or if you are a data controller customer with questions about how we can help support your own GDPR compliance efforts, please contact us at . --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://aquator-marine.gitbook.io/gdpr/gdpr.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.