What’s GDPR?

The EU General Data Protection Regulation (“GDPR”) is a comprehensive data protection law that came into effect on May 25, 2018. It replaced the EU Data Protection law with the intention of strengthening the protection of “personal data” and the rights of the individual. It is a single set of rules which govern the processing and monitoring of EU data.

Does it affect me / my business?

If you hold or process the data of an any person in the EU, the GDPR will most likely apply to you, whether you’re based in the EU or not. Seek legal advice to make a determination and plan for compliance.

I’m a Paperform customer, how does Paperform relate to me in terms of GDPR?

There are two different kinds of relationships defined in GDPR, that of “Controller” and that of “Processor”. The relationship between you as a customer and Paperform falls under both of these categories.
Paperform acts as a Controller in our direct relationship with you as a customer, and the information you give us directly (for example, that which is given when signing up).
The service Paperform provides however is as a Processor. We process and store information from respondents on the behalf of our customers.

Must data be stored in the EU to be GDPR Compliant?

No, this is a common misconception. While there are parts of regulation that apply to the transfer of data across regions, there is no requirement for data be stored in the EU.

What has Paperform done in regards to GDPR?

We have taken several important steps:

  1. We’ve built new features internally to ensure that we can meet our GDPR obligations, including permanently deleting customer data on request.
  2. We’ve updated our Privacy Policy and Terms and Conditions. Of particular importance for our EU customers, we have included a Data Processing Agreement into the general Terms and Conditions. View the DPA here.
  3. We’ve appointed an EU Representative for Paperform. See the Privacy Policy for more information.
  4. We’ve reviewed our vendors, discussed their GDPR plans, and arranged similar GDPR-ready data processing agreements with them.
  5. We’ve reviewed and implemented new internal security measures to ensure your data is safe.

Still have questions?

Talk to us at mailto:support@paperform.co.