General Data Protection Regulation
The GDPR is a new EU privacy regulation that provides higher levels of protection for EU citizen data.
The GDPR has a very far-reaching scope. It applies to all companies processing and holding personal data of data subjects residing in the European Union, regardless of the company’s location.
The GDPR will probably impact your veterinary practice as you collect and process EU personal data. We encourage you to seek advice on what GDPR means for your practice.
The GDPR (General Data Protection Regulation) is a new EU privacy regulation that provides higher levels of protection for EU citizen data. Here is a link to more information.
The GDPR has a very far-reaching scope. It applies to all companies processing and holding personal data of data subjects residing in the European Union, regardless of the company’s location. The regulation also applies in Switzerland, Norway, Iceland, Liechtenstein, and will continue to apply in the UK post-Brexit.
Organizations can be fined up to 4% of annual worldwide turnover or €20 Million for serious GDPR breaches.
IDEXX considers the proper processing of personal data to be highly important and essential to fulfilling our Purpose and Guiding Principles. We have been working diligently toward GDPR compliance.
One of the requirements of the GDPR for both IDEXX and your veterinary practice is to have a Data Protection Agreement (“DPA”) in place when IDEXX processes personal data on your behalf (we are then known as a “data processor” under GDPR, and you are the “data controller”). This requirement applies to our VetConnect PLUS and SmartService products. This DPA helps you fulfil one of your obligations as data controller. In order to align our VetConnect Plus Terms of Service and SmartService Agreement (“Terms”) with the DPA, we needed to make changes to these as well.
Regarding the revised VetConnect PLUS Terms of Service and SmartService Agreement – You need to read the new terms and 30 days after the new terms have been sent to you these will be considered approved by you. Regarding the DPA – The DPA describes the rights and obligations of both parties, data controller and data processor, as required by the GDPR so it is important for you to read and understand it. Additionally, you are requested to electronically confirm your acceptance to the DPA as it is part of your agreement with IDEXX. To do so, please go to GDPR Acceptance. If you fail to do so, you will not fulfil your obligation as a data controller to have a DPA in place and you will not be able to continue using these IDEXX’s services.
A data controller determines the purposes and means of processing of personal data. A data processor processes personal data on behalf of a data controller. IDEXX customers will typically act as the data controller for any personal data they provide to IDEXX in connection with their use of IDEXX services. IDEXX is the data processor and processes personal data on behalf of the data controller when the data controller is using IDEXX VetConnect PLUS and SmartService.
|Scope of Services||Location|
|SmartService||Amazon Web Services data center||US|
|VetConnect PLUS||Google data center hosting diagnostic results||EEA, US|
|Amazon Web Services hosting reference lab ordering||US|
|Troubleshooting and monitoring services||EEA, US|
We appreciate that some customers have already developed their own Data Processing Agreements/Data Protection Agreements. We fully understand that customers as data controllers have concerns about meeting their responsibilities under the new Regulation as far as the processing of their data is concerned. To help you meet this purpose, IDEXX has developed our own standard DPA as we are unable to agree to different DPA arrangements with each of our customers. We need to ensure we comply with GDPR in a consistent and reliable way across our customer base.