GDPR questions answered

July 17, 2018

By now, you’ve probably heard someone mentioning something called GDPR or seen GDPR in the news. GDPR is all the rage right now! We’ve actually posted a couple of times about GDPR for business, but now we would like to explain the basics of the GDPR to consumers — our existing and potential customers.

Explaining the GDPR

What is the GDPR?

The GDPR is a law in the European Union that regulates personal data privacy and security. It came into effect in EU member states on May 25, 2018. It replaces the Data Protection Directive and applies to every business that resides in the EU and deals with personal data or handles the data of people who are in the EU. At the core of the GDPR is the aim of simplifying, unifying, and updating the protection of personal data and guaranteeing that people stay within their rights and freedoms when providing their data.

What constitutes personal data?

Under GDPR, your name, location data, date of birth, and contact information are classified as your personal data by the GDPR. Actually, any information that is connected to a specific person in the EU can be classified as personal data.

What is the link between the GDPR and cybersecurity?

With the introduction of the GDPR, organizations that process your personal data now have to handle it responsibly and securely; that’s why they are re-examining their cybersecurity posture.

So, is the GDPR good for industry?

Generally, yes. The GDPR will force organizations to be more accountable and to fully understand their data-management policies, which should also help make sure that they are more secure.

Kaspersky Lab and GDPR

Is Kaspersky Lab ready for the GDPR?

Yes, we are. To that end, we’ve made changes in our products, infrastructure, and business processes.

What have you changed in your products to be ready for the GDPR?

Respecting and protecting customer privacy is one of our fundamental principles, and we process only what data is necessary for product functionality to perform as promised. That’s why to comply with the GDPR, just a few additional measures have been taken so that our solutions offer users granular control over what data they provide to Kaspersky Lab through the agreements they accept.

Are all Kaspersky Lab products and solutions GDPR-ready?

All of our products offered in EU are GDPR-ready.

What should I do if I live in Europe and already use your products?

We are trying to notify all of our current customers in Europe what they should do through all available channels: e-mail, in-product messages, push notifications, and so on. For more information, however, you can always visit our website for your country to get the latest GDPR-ready version of your product.

Do products for Europe and other countries differ?

Identical products offered in Europe and other countries do not differ in terms of the protection they provide.

Data processing in Kaspersky Lab

What customer data does Kaspersky Lab process?

It depends on which product, service, website, and so forth you are using — and what agreements you have accepted. The data processed can include the following:

  • To support key product functionality, which means ensuring basic protection from cyberthreats, users send license/subscription identifiers, device data, data on threats detected, and so on;
  • To increase protection effectiveness, users can send information on installed applications, data on operating system events, suspicious files and files that could be exploited by intruders, URLs visited, and Wi-Fi connection data;
  • To offer improved and more suitable solutions to customers, Kaspersky Lab can ask users to consent to sharing information about any purchases made, their e-mail addresses, and other user contact data;
  • To resolve technical support issues and create error reports, users can send dump and trace files to Kaspersky Lab.

You can explore details of our data processing principles on the Data Protection page of our website.

How does Kaspersky Lab anonymize the data it processes?

Kaspersky Lab takes user privacy extremely seriously. The company implements the following measures to anonymize the data we obtain from users:

  • The information is used in the form of aggregated statistics where possible;
  • Logins and passwords are filtered out from transmitted URLs, even if they are stored in the initial browser request from the user;
  • When we process possible threat data, by default we do not use the suspicious file. Instead we use a hash-sum, which is a one-way math function that provides a unique file identifier;
  • Where possible, we obscure IP addresses and device information from the data received;
  • The data is stored on separate servers with strict policies regarding access rights, and all information transferred between the user and the cloud is securely encrypted.

Does Kaspersky Lab share personal data, processed by Kaspersky Lab solutions, with third parties?

We may share that data with vendors that provide services to us, such as Amazon Cloud and Microsoft Azure. Kaspersky Lab works with its partners under data protection agreements. We never provide data, or access to it, to state organizations or third parties that are not our service providers.

Can I delete my personal data that Kaspersky Lab processes — or see it?

Users can always find the list of information they provide to Kaspersky Lab in the corresponding agreements and policies they have accepted. They can also contact Kaspersky Lab local support and request their data (such as license information, order information, e-mail address, etc.) to either be shared with them or deleted.

Where is my data stored?

Front-end servers are located in several countries around the world (including Germany, Canada, China, Russia, and others), and the back-end servers are currently located in Russia, where the largest part of Kaspersky Lab’s antimalware research team works. Different types of aggregated stats are stored on different servers with strictly regulated access rights. By the end of 2019, Kaspersky Lab will have established a data center in Zurich, and this facility will store and process all information for users in Europe, North America, Singapore, Australia, Japan, and South Korea, with more countries to follow.

Kaspersky Lab’s advice for consumers

We believe everyone has the right to be free of cybersecurity fears, regardless of how commonplace such threats have become. People must protect the data that matters most to them from data security breaches, which are inevitable at present, and that they hold companies to account.

Consumers have numerous ways to safeguard their data. At the very least, they should be learning about their rights under the new GDPR regulation.

You should always think about protecting your data and apply security measures to ensure protection. If you live in the EU, when you use Kaspersky Lab’s protection solutions, we protect the data you provide to us in accordance with the GDPR.