General Data Protection Regulation (GDPR)

The General Data Protection Regulation seeks to create a harmonized data protection law framework across the European Union (EU) and aims to give citizens back the control of their personal data. The GDPR imposes strict rules on those hosting and processing personal data anywhere in the world. Additionally, this regulation introduces rules that relate to the free movement of personal data within and outside of the EU.

With the GDPR, IBM® Power® Virtual Server clients can rely on the Power Virtual Server team's understanding and compliance with emerging data privacy standards and legislation. Power Virtual Server clients can also rely on IBM's wider ability to provide a comprehensive suite of solutions to assist businesses of all sizes with their own internal data governance requirements.

Online retention of client data

Client data is retained during the client's use of the workspace (that is, until the client's contract termination or expiration) by default. Additionally, clients can define shorter retention periods for some of their data within the workspace to align with their own organizational retention policies. All client data is removed from the workspace 1 business day after the client's contract termination or expiration.

Backup retention of client data

Power Virtual Server does not provide backups of client data.

Destruction of client data

Power Virtual Server gives the client the ability to delete all online client data at their request or upon termination of the workspace. The secure destruction of all client data happens at the end of life of the associated infrastructure or cloud service.

Export of client data

IBM contractually commits, as required by various industry and government regulations to provide clients the capability to export their data, or that IBM provides the client with export copies of their data upon request. Power Virtual Server gives clients the ability to export data on their own.