GDPR and Paperform FAQ

Is Paperform GDPR ready?

Yes, Paperform is GDPR ready! We're also committed to helping our customers prepare for the EU General Data Protection Regulation (GDPR).

What’s GDPR?

The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection law that comes into effect on May 25, 2018. It will replace existing EU Data Protection law to strengthen the protection of “personal data” and the rights of the individual. It will be a single set of rules which govern the processing and monitoring of EU data.

Does it affect me / my business?

If you hold or process the data of an any person in the EU, the GDPR will most likely apply to you, whether you’re based in the EU or not.

I'm a Paperform customer, how does Paperform relate to me in terms of GDPR?

There are two different kinds of relationships defined in GDPR, that of "Controller" and that of "Processor". The relationship between you as a customer and Paperform falls under both of these categories.

Paperform acts as a controller in our direct relationship with you as a customer, and the information you give us directly (for example, that which is given when signing up).

The service Paperform provides however is as a processor. We process and store information on the behalf of our customers.

Must data be stored in the EU to be GDPR Compliant?

No, this is a common misconception. While there are parts of regulation that apply to the transfer of data across regions, there is no requirement for data be stored in the EU.

What has Paperform done to become compliant?

We have taken several important steps to become GDPR compliant.

  1. We've built new features internally to ensure that we can meet our GDPR obligations, including permanently deleting customer data on request.
  2. We've updated our Privacy Policy and Terms and Conditions. Of particular importance for our EU customers, we have included a Data Processing Agreement into the general Terms and Conditions. View the DPA here.
  3. We've appointed an EU Representative for Paperform. See the Privacy Policy for more information.
  4. We’re reviewing all our vendors, finding out about their GDPR plans and arranging similar GDPR-ready data processing agreements with them.
  5. We've reviewed and implemented new internal security measures to ensure your data is safe.

Still have questions?

Talk to us at