General Data Protection Regulation (GDPR) and Data Processing Agreement (DPA)
IP4G as a Data Processor
IP4G operates as a multi-tenant infrastructure-as-a-service platform enabling customers to deploy virtual machines on IBM Power hardware within Google Cloud Regional Extension data centers. As a potential Data Processor under GDPR, IP4G processes personal data solely on behalf of its customers (Data Controllers) and only with the customer’s consent and/or direction.
Technical and Organizational Measures
IP4G implements robust data security measures appropriate to the risk of processing, including:
- Encryption: AES-256 encryption for data at rest and TLS for data in transit;
- Access Controls: Role-based access and audit logging to prevent unauthorized access, alteration, or disclosure;
- Data Deletion: Customers retain full control over data lifecycle management, including deletion and retention policies;
- Isolation: Each customer environment is logically isolated on shared physical infrastructure.
Compliance Readiness
IP4G is PCI DSS v4.0 certified, demonstrating our commitment to supporting customers’ regulatory objectives and obligations, while also mainitaining a comprehensive adherence to international security standards. Additionally, our infrastructure and operational controls are designed specifically to adhere to, and incorporate, the core GDPR principles such as data minimization, purpose limitation, and ensuring the integrity and confidentiality of processing. IP4G’s Data Processing Agreement (DPA) and custom Terms of Service clarify in detail the platform and service responsibilities with specific aim of defining the shared accountability for customer data processing.
Customer Responsibilities
Customers are responsible for ensuring their own GDPR compliance, including lawful basis for processing, data subject rights, and controller obligations. IP4G provides the necessary infrastructure and documentation to support these efforts.