# Data residency & compliance Data residency and regulatory compliance are not add-on features in GLBNXT Workspace. They are foundational to how the platform was designed and how it operates. For organisations subject to European data protection law and related regulatory frameworks, Workspace is built to meet these requirements by default, without requiring additional configuration or legal negotiation to achieve a compliant deployment. *** ### Data Residency Data residency refers to where data is physically stored and processed. For many organisations, particularly those operating in regulated industries or under European law, this is a critical consideration when evaluating any AI platform. All data within GLBNXT Workspace, including user conversations, uploaded documents, agent configurations, knowledge collections, and audit logs, is stored and processed exclusively on GLBNXT-owned infrastructure located within the European Union. No data is transferred to or processed on infrastructure outside EU jurisdiction at any point during normal platform operation. This applies not only to the content you create and upload, but also to the metadata associated with your usage of the platform, including authentication events, session data, and usage logs. #### No Data Leaves the EU GLBNXT owns and operates its own GPU clusters and data centres within the EU. This means that when you interact with locally hosted AI models through Workspace, your prompts, responses, and documents are processed entirely within this infrastructure. There is no routing of data through external cloud providers or third-party services for locally hosted model interactions. For interactions with cloud-hosted models from external providers, data routing is governed by the specific configuration of your Workspace environment. Your administrator and GLBNXT representative can clarify how external model interactions are handled within your specific deployment. #### Your Data is Not Used for Model Training GLBNXT does not use customer data, including conversations, uploaded documents, or any other content processed within Workspace, to train AI models, whether its own or those of third-party providers. Your data remains yours. It is used solely to deliver the service to your organisation. *** ### Regulatory Compliance #### GDPR The General Data Protection Regulation is the primary data protection framework governing the processing of personal data within the European Union. GLBNXT Workspace is designed and operated in full alignment with GDPR requirements. Key aspects of GDPR compliance within Workspace include: **Data processing agreements.** GLBNXT provides a Data Processing Agreement that governs the processing of personal data on behalf of your organisation, meeting the contractual requirements set out in Article 28 of the GDPR. **Data subject rights.** Workspace supports your organisation's obligations in relation to data subject rights, including the right of access, the right to erasure, and the right to data portability. Your administrator can assist with fulfilling data subject requests that involve data held within the platform. **Data minimisation.** The platform is designed to process only the data necessary to deliver its functionality. Audit log and retention configurations allow your organisation to align data retention practices with the minimisation principle. **Privacy by design.** Data protection considerations are embedded in the architecture and operation of the platform from the ground up, not applied as a layer on top of a system designed without them. #### NIS2 The Network and Information Security Directive 2 establishes cybersecurity requirements for operators of essential services and digital service providers across the European Union. GLBNXT operates its platform in alignment with NIS2 requirements, including maintaining appropriate technical and organisational measures to manage security risks, implementing incident detection and response capabilities, and supporting customers in meeting their own NIS2 obligations where Workspace forms part of their critical information infrastructure. #### ISO 27001 ISO 27001 is the internationally recognised standard for information security management systems. GLBNXT operates under ISO 27001 certification, demonstrating that its approach to managing information security risks is structured, systematic, and independently verified. For organisations that require their technology vendors to hold ISO 27001 certification as a condition of procurement, Workspace satisfies this requirement. Documentation of certification status is available from your GLBNXT representative. #### SOC 2 Type II SOC 2 Type II is an independent audit framework that evaluates whether a service organisation's controls relating to security, availability, processing integrity, confidentiality, and privacy are operating effectively over a sustained period. GLBNXT holds SOC 2 Type II attestation, providing independent verification that the platform's security and operational controls perform as documented over time, not just at a single point in time. #### EU AI Act The EU AI Act establishes a risk-based regulatory framework for artificial intelligence systems operating within the European Union. GLBNXT monitors the requirements of the EU AI Act and their applicability to the Workspace platform, and works with customers to support compliance with relevant obligations as the regulation comes into full effect. For organisations deploying Workspace in contexts that involve high-risk AI applications as defined by the Act, GLBNXT can provide guidance on how the platform's controls and documentation support your compliance posture. *** ### Shared Responsibility Compliance is a shared responsibility between GLBNXT and your organisation. GLBNXT is responsible for the security, operation, and compliance posture of the platform infrastructure. Your organisation is responsible for how Workspace is configured and used within your environment, including how user access is managed, what data is uploaded and processed, and how the platform is integrated into your broader business processes. Understanding the boundary between these responsibilities is important for any organisation conducting a compliance assessment of Workspace as part of their procurement or risk management process. GLBNXT provides documentation to support this assessment, including Data Processing Agreements, security certifications, and compliance statements. *** ### Compliance Documentation Organisations that require formal compliance documentation for procurement, audit, or regulatory purposes can request the following from their GLBNXT representative: * Data Processing Agreement * ISO 27001 certificate * SOC 2 Type II attestation report * Trust Centre documentation covering security practices, infrastructure, and privacy controls * GDPR compliance statement For further information on GLBNXT's compliance posture and to request documentation, visit the GLBNXT Trust Centre or contact your GLBNXT representative directly. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.glbnxt.com/workspace/enterprise-controls/data-residency-and-compliance.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.