# GDPR Support of Personium
Compliance with the GDPR requires coordination between the Personium Service provider (you) and us (FUJITSU and Personium). For personal information handled by Personium, we will perform the work required as a processor or sub-processor. We are the processor for data handled in the manner that you are the controller and we are the sub-processor if you are the processor.
> [FUJITSU's GDPR press release](https://www.fujitsu.com/global/about/resources/news/press-releases/2018/0119-01.html)
> [What is a data controller or a data processor?](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/controller-processor/what-data-controller-or-data-processor_en)
1. **How do you address the "right to data portability" ([Article 20 GDPR](https://gdpr-info.eu/art-20-gdpr/)) of personal data subjects?**
The data subject has the right to receive his or her data in a structured, commonly used and machine-readable form.
In the event that an individual (Personium Service end-user) notifies the Personium Service provider that he or she wants to execute the "right to data portability" as a data subject regarding the stored data, please inform the Personium Service provider that the data subject can export all the stored data (the Cell) by executing the [Cell export API](https://personium.io/docs/en/apiref/501_Export_Cell/).
1. **How do you address the "right to be forgotten" ([Article 17 GDPR](https://gdpr-info.eu/art-17-gdpr/)) of personal data subjects?**
The right to be forgotten provides that the data subject has the right to have his or her data erased by the controller without undue delay.
In the event that an individual (Personium Service end-user) notifies the Personium Service provider that he or she wants to execute the "right to be forgotten" as a data subject with regard to the stored data, the Personium Service provider can delete the account and the stored data (the cell) by executing the [recursive cell deletion API](https://personium.io/docs/en/apiref/104_Delete_Cell/).
1. **Does the Personium Service access or process the contents of the PDS for use?
([Article 29 GDPR](https://gdpr-info.eu/art-29-gdpr/) & [Article 30 GDPR](https://gdpr-info.eu/art-30-gdpr/))**
Personium Platform provider does not access any information within the Unit or Cells. In the event of a failure, if there is an exceptional need to access the servers for recovery purposes, the Personium Platform provider will contact the customer (Personium Service provider) in advance, obtain their consent, and follow their instructions. At this time, the Personium Platform provider will minimize the scope of access within the customer's Unit, capture and store a record of all access and actions taken for the purpose of disaster recovery (Log), and provide it to the customer as needed. The Personium Platform provider will promptly destroy any information learned during the recovery process.
## Glossary for this document ([Official Glossary](https://personium.io/docs/en/introduction/008_Glossary/))
Personium Platform provider
> Organization that constructs and implments a service which will be paid by the Personium Service provider.
Personium Service end-user
> Individuals who use the personal data store service.
Personium Service provider
> Organization that provides personal data store services to individuals based on the Personium Platform.
Last changed by
Personium Chief Evangelist, MyData Global Founding Member, MyData Global Board Member 2021