Compose allows customers to deploy databases in many datacenters across the world with our commitment to provider and location diversity. Because of this flexibility, we need to take into account data privacy laws not just in the United States, but in every country where we store data.
To govern the movement of data from the EU to the US, Compose complied with both US-EU and US-Swiss Safe Harbor Frameworks. Following last year's ruling of the European Court of Justice that invalidated the Safe Harbor agreement, IBM was quick to urge policymakers to work expediently to ensure "unbroken data flows between the European Union and the United States."
IBM has prepared an EU Model Clauses agreement for Compose customers to facilitate the transfer of personal data outside of the EU in accordance with the EU data privacy laws. EU Model Clauses are relevant to all customers sending personal information relating to EU citizens to Compose.
To request an EU Model Clauses agreement or for any other information or assistance around the transfer of personal data, customers can contact our dedicated EU Model Clauses team via email.
The EU Directive 95/46/EC sets out rules concerning processing of customer's personal data. As the data controller, customers appoint IBM as a data processor to process (e.g., store, transmit, archive) any personal data which may be included in the customer's content. In turn, customers are responsible for obtaining all necessary consents to include the content (including any personal data) in IBM Compose DBaaS solutions.
A list of countries where content may be held from or from where content may be accessed for the purpose of delivering and supporting a cloud service is available.
More information about Compose's overall standards compliance and privacy can be found on our help site. Similar information can be found for our partners:
Following the recent vote in favor of new General Data Protection Regulations, it is important that Compose customers are aware of the Compose team's understanding and compliance with emerging data privacy standards and legislation.
If you have further questions about changes to data protection laws in Europe and how they might impact your business, feel free to reach out to us.