The EU General Data Protection Regulation (“GDPR”) is a comprehensive data protection law that came into effect on May 25, 2018. It replaced the EU Data Protection law with the intention of strengthening the protection of “personal data” and the rights of the individual. It is a single set of rules which govern the processing and monitoring of EU data.
If you hold or process the data of an any person in the EU, the GDPR will most likely apply to you, whether you’re based in the EU or not. Seek legal advice to make a determination and plan for compliance.
There are two different kinds of relationships defined in GDPR, that of “Controller” and that of “Processor”. The relationship between you as a customer and Paperform falls under both of these categories.
Paperform acts as a Controller in our direct relationship with you as a customer, and the information you give us directly (for example, that which is given when signing up).
The service Paperform provides however is as a Processor. We process and store information from respondents on the behalf of our customers.
No, this is a common misconception. While there are parts of regulation that apply to the transfer of data across regions, there is no requirement for data be stored in the EU.
We have taken several important steps:
Talk to us at mailto:firstname.lastname@example.org.