DataMotion performed a legal, compliance, and applicability evaluation of Regulation (EU) 2016/679 27 April 2016, also known as the European Union General Data Protection Regulation (GDPR), which comes into force on May 25, 2018, to DataMotion SecureMail or Secure Data Exchange (SDX) services.
The findings conclude that the GDPR does not apply to DataMotion or the provision of DataMotion SDX and related services.
This does not mean that DataMotion is non-compliant with the principles and protections provided by the GDPR; only that DataMotion falls outside of the regulation.
This is due to the fact that the services provided by DataMotion act as a secure conduit by nature only. See the section below for information regarding this.
DataMotion SecureMail and SDX Services Provide a Secure Conduit
DataMotion SecureMail and SDX Services provide a pass-through service as an electronic conduit. DataMotion does not initiate transmissions, does not select receivers of transmissions, and does not select or modify the information delivered in transmissions.
DataMotion has neither knowledge of nor control over the information which is transmitted or stored by its services, which have a mere technical, automatic and passive nature. DataMotion is an “intermediary service provider” that serves as a “mere conduit” and does not offer its services to EU data subjects.