
Data Privacy in IceWarp

Long before the EU’s regulation on the protection of users’ data and privacy became applicable on May 25, 2018, IceWarp was already working to set everything up, both technically and legislatively, for this global cornerstone of digital security. And we were successful. IceWarp is fully GDPR compliant. We’ll show you how to prepare your company as well.
In short: IceWarp is already GDPR compliant. You don’t have to do much at the moment to meet the basic demands of the regulation, but we suggest you review our recommendations below.

Purpose of GDPR

General Data Protection Regulation (GDPR) is the largest and the most comprehensive EU regulation of personal data storage and processing in history. Adopted on 14 April 2016, it came into force after a two-year transition period. The new regulation provides users with stronger rights to access and control their personal data and places obligations on organisations making them more accountable for data protection.
The goals of GDPR are promising: to grant more control over personal data to every EU citizen and to simplify the regulatory environment of international business. But what is personal data anyway? According to EU officials: “Personal data is any information relating to an individual. It can be anything from a name, a photo, an email address, bank details, your posts on social networking websites, your medical information, or your computer’s IP address.” *
* The GDPR provides for most legal obligations, but in addition member states can make provisions for how it applies in their country through their national data protection laws.
GDPR is not all about digital security, though. The new law mostly affects a company’s internal processes: how data is stored, how levels of clearance are managed and how data policies are updated. In short, that means sleepless nights for the company’s lawyer and a lot of paperwork for the rest. Otherwise, penalties will be severe.

Technical Measures

On the brighter side, if you’re using the latest version of IceWarp Server, you’re all set to be GDPR compliant already. We regularly conduct vulnerability and penetration testing of IceWarp Server and all related tools and client applications. We also make sure that we update to the latest patches of all critical components of the system, including OpenSSL, certificates, etc. Therefore, as with any other IT system, you need to keep updating to the latest version of IceWarp Server in order to stay protected against recent security threats.
In terms of IT infrastructure, make sure that you follow the general best practices of IT security, including remote access security, firewall security, password complexity enforcement, and malware protection. The IceWarp team can help you review your current setup.
However, you may also need to make a few configuration changes to IceWarp Server in order to fulfill some of the GDPR requirements. For example, to access all data and search through it, you can simply set up a global archivist account. The account comes in handy when your customers or former employees require you to provide a GDPR audit of their personal data.
There are also some other simple steps you may want to take to be even more in line with GDPR:
  • Data loss protection. Be sure you’re using the SmartAttach and Archive functions.
  • Grant only mandatory access to the server. According to level of clearance, lower the number of people with wide access to the server.
  • Enable 2-factor authentication. For server administrators, simply use IceWarp Authenticator, which works smoothly for almost any IT admin, or set a second authentication method such as SMS.
  • S/MIME keys. Start digitally signing and encrypting your messages using S/MIME, but be aware of the significant increase in computing power needed.
  • Levels of clearance. Do a permission audit, deny access to nonessential personnel, and set different passwords for the most secure directories.
  • Use user accounts only. We don’t recommend running IceWarp under the root account; use dedicated user accounts instead.
  • Data searching. Designate the authorized individual(s) who have permission to search through the Email Archive and Full-text search.
  • Erasing in person. Make sure that erasing is done by the person who owns the data.
  • Use system logs. Enable system maintenance logs on your server. This allows you to track every action on the server, along with user authentication and activity.

Data Subject Requests

Firstly, let us assure you: IceWarp On-premise and Cloud are fully GDPR compliant at the moment. Things get more complicated when it comes to fulfilling user requests for data access. The data controller needs to search for the user's data, categorize it and create a GDPR report. That’s when the built-in full-text search can be useful. With its full-text search capabilities and advanced filtering options, you will be able to process data subject access requests from various sources on your server in just a few clicks.
You can search personal data contained in e-mails, messages and any files hosted in IceWarp Cloud. You are also able to archive and delete any personal data contained in these e-mails, messages and hosted files.
This will help you fulfil the following rights of data subjects:
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of data processing
  • Right to data portability
  • Right to object

Audit That Out

Need further help preparing for GDPR? Let us know at gdpr@icewarp.com. We will gladly help with the transition.

Contact Person

Any GDPR-related questions can be addressed to IceWarp’s Data Protection Officer at dpo@icewarp.com.

Cloud Services and Privacy

Regardless of whether you choose to store your data in Germany or in the U.S., IceWarp complies with the European GDPR. This is because GDPR is applicable to the personal information of any end user or business contact of any European citizen, so it’s easier to implement it across all our clusters. In fact, IceWarp has been working on enabling data discovery and compliance for other businesses, so that they can easily locate personal data in all internally used systems using full-text search, and securely archive or delete it. To address the privacy needs of US organizations working with sensitive patient health information, we can help to achieve compliance with the national standard HIPAA.
IceWarp Cloud multi-tier applications use separate virtual machines (VMs), including non-shared storage, so a breach in one site doesn’t affect others. There are individual firewalls that work as a protective shell for your data. Smart cloud automation developed by IceWarp ensures the highest level of information security, as opposed to vulnerabilities that exist in commonly available virtualization platforms. Connections are secured and limited to authorized staff who are issued personal tokens and connect through a virtual private network (L2TP/IPSec) and an SSH gateway. Only necessary ports are open for most of the services, further reducing the risk. There’s also high physical access security in all our data centers, protecting the clusters from damage, infiltration, theft, fire, etc. In addition, the proactive monitoring of all services and the network traffic would reveal any malicious activity and allow our security team to react.
Any data and apps in the cloud are physically stored on a server located at a data center or server farm. Location of that data center is the most important factor when considering cloud providers. Do they disclose this information at all? Can they guarantee to keep your data under one jurisdiction, such as to prevent the transfer of personal information?
With IceWarp Cloud you can select from a list of several data centers where your data will reside. Not only will the distance and local connectivity to the nearest data center make the service more responsive, but this choice also ensures that the data remains protected by the privacy laws valid in your country. We guarantee your data won’t be moved abroad. You can learn more about our certified data centers at this link: www.icewarp.com/cloud-order/datacenters.

ISO/IEC 27701 Certification

Here at IceWarp we adhere to strict data protection legislation. To address the operational challenges of processing an increasing amount of personal data, we have introduced an internal Personal Information Security Management System with processes that are certified by the recognized international standard ISO/IEC 27001. This is one of the most used ISO standards in the world, with many organizations (regardless of whether they are data processors or controllers) already certified to it. This means that organizations with established ISO 27001 certification can rely on IceWarp as a supplier who is independently audited and interoperable within the same standards. For businesses that haven’t sought the certification yet, it’s a key prerequisite in achieving GDPR compliance of our services. In short, privacy (whether GDPR or through another regulation) depends on established information security standards.
