Key Links:
Brief on GDPR, PII and Block 64
Does Block 64 collect, process or handle any Personally Identifiable Data (PII) or Personal Data in the course of their work?
Yes, Block 64 does process PII during most customer engagements, but only that which is necessary to complete our assessments.
That data is limited to:
- usernames
- first name
- last name
- email addresses
- IP addresses
- SIP addresses
The above data points are processed during the following collection routines:
- Active Directory
- Entra ID (nee Azure AD)
- M365
- AWS SSO logs
- GCP SSO logs
- Microsoft Exchange Server
- Microsoft Skype for Business Server
- Microsoft SharePoint Server
A customer, at any time, may withdraw consent of this collection, and Block 64 will destroy the data in question permanently.
For reference, the GDPR defines personal data as the following:
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Is Block 64 GDPR Compliant?
Yes. As a data processor, Block 64 follows GDPR guidelines by:
- Requiring consent prior to any data processing.
- Maintaining resident data centres (including Western Europe and Germany) to ensure data does not leave the customer’s region.
- Limiting the scope of PII processing to only what is necessary to work with the customer.
- Protecting PII processing by leveraging end-to-end encryption.
- Limiting access to a customer’s data via Role Based Access Control.
- Providing the channels for any customer to, at any time, revoke consent, and for Block 64 to immediately delete any customer data.
Who is your Data Protection Officer?
Sean Ramsay (sean.ramsay@block64.com) is currently the appointed DPO at Block 64 and works with the team to ensure regular and systematic monitoring of data subjects on a large scale.
The Right to be Forgotten
The small amount of Personal Data that may be gathered during Block 64's work can be deleted at any time via a consent withdrawal request by our customers.
This request can be made here at support.block64.com or via email to privacy@block64.com
Does Block 64 have a data protection policy which guides their employees in how to keep personal data secure?
Yes. Our policy is available upon request and is communicated to all employees on an annual basis.