IBM Cloud Docs
General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

The GDPR seeks to create a harmonized data protection law framework across the EU. It aims to give citizens back the control of their personal data, while it imposes strict rules on the host and process the data, anywhere in the world. The Regulation also introduces rules that relate to the movement of personal data within and outside the EU.

With the General Data Protection Regulation, Schematics clients can rely on the Schematics team's understanding and compliance with emerging data privacy standards and legislation. Clients can also rely on IBM's wider ability to provide a comprehensive suite of solutions to assist businesses of all sizes with their own internal data governance requirements.

How do you audit access to Schematics?

You can find information about auditing in Audit logging and managing user access.

Supporting classifications of personal data

The following categories of personal data are supported by Schematics for GDPR:

  • Basic contact information, such as email address, name, which is a subset of basic personal information.
  • Technically identifiable personal information, such as authentication credentials, IP address.

For more information about data security in Schematics, see Securing your data in Schematics.

About user data

Schematics records few data about its users, which is limited to basic contact information such as email address, and name. Schematics is a data processor for said Personal Information (PI) data. Schematics processes the limited client PI in the course of running the service and optimizing the user experience. Schematics uses email for contacting clients. Monitoring client interactions with Schematics is another way Schematics processes PI.

Do not enter sensitive data for Schematics. For example, do not use any Personal Information (PI), Personal Identifying Information (PII), and customer-specific data in a workspace name.

Is the Schematics database encrypted?

For more information about how your data is encrypted in Schematics? see How your data is stored and encrypted in Schematics?

Data locations

Locations where Schematics processes personal data are made available, and kept up-to-date. For more information about data locations, see Locations and service endpoints.

Service security

Following are the list of service security measures taken by the IBM Cloud Schematics.

  • Physical and environmental security measures.
  • Physical security of the data centers is handled by the IBM Cloud infrastructure providers. All hold externally audited certifications for the physical security. Schematics doesn't provide further details of the physical security controls in place at the data centers.
  • Physical security of an office location that are used personnel is handled by IBM corporate.
  • Technical and Organizational Measures. Technical and Organizational Measures (TOMs) are employed by Schematics to ensure the security of personal data. Schematics holds externally audited certifications for the controls Schematics employs.
  • Service access to data.
  • Schematics operations and support staff have access to client data and can access during routine operations. The access is only done to operate, and support the service. Access is limited to a need to know basis and also is logged, monitored, and audited.

Deletion of data

IBM Cloud Schematics stores your data in a highly available and secure environment. All your data such as automation code, input configuration data, input credentials, and the runtime data are stored in IBM Cloud® Object Storage. For more information about how to delete your data in Schematics, see deleting IBM Cloud Schematics data.

Schematics can completely remove all references and data for a client document when an operator-managed purging is run. Before you request that data to purge, it's important to understand that purged documents cannot recover the process is complete.