General Data Protection Regulation

On May 25, 2018, the General Data Protection Regulation (GDPR) took effect in the European Union (EU). The GDPR expands the rights granted to EU individuals and places many obligations on organizations that market to, track or handle EU personal data. The GDPR must be adhered to by organizations that are located in the EU or do business in the EU that collect, store, transfer or use personal data about EU individuals.

Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitutes personal data. Examples of personal data may include:

  • A name and surname
  • A home address
  • An email address such as name.surname@company.com
  • An identification card number
  • Location data
  • An Internet Protocol (IP) address

Storage of Personal Data using Hybrid Data Pipeline Server

Hybrid Data Pipeline is responsible for managing user and service configuration, brokering the flow of data between clients and databases, and communicating with on-premises connectors (OPC). Data (personal or non-personal) that is brokered between the clients and databases via DAS and/or OPCs is not permanently persisted during transmission.

Storage of user and service configuration information is handled by the System DB. The user information stored within the System DB may contain personal data specific to user names, credentials, and IP addresses.

Progress operates its IT and development infrastructure in general alignment with SOC2, NIST 800-53, and ISO2700X best practices.

As with identification and monitoring, it is important to ensure that compliance is appropriately configured and managed by your hosting solution.