Where can I learn more about GDPR and Paperform?

What’s GDPR?

The EU General Data Protection Regulation (“GDPR”) is a data protection law that came into effect on May 25, 2018. It is a single set of rules which govern the processing and monitoring of EU data. It is designed to give EU citizens and residents more control and visibility over how their personal data is used by businesses.

Does it affect me or my business?

While we can’t tell you if the GDPR captures your business, generally the GDPR applies if your business has an establishment in the EU, offers goods or services to individuals in the EU, or monitors behaviours of those in the EU.

If you think you might be caught by the GDPR or you’re not sure, we recommend that you seek legal advice to make a determination and plan for compliance.

I’m a Paperform customer, how does Paperform relate to me in terms of GDPR?

For information you provide directly to us as a customer (e.g. your name and email address), Paperform acts as Controller. For information captured using Paperform's services, Paperform acts as a Processor. It is important that we all comply with the GDPR when transferring personal data.

Must data be stored in the EU to be GDPR compliant?

No, this is a common misconception. There is no requirement for data to be stored in the EU, as long as it is adequately protected in line with the requirements of the GDPR.

What has Paperform done in regards to GDPR?

We have taken several important steps:

  1. We have prepared a Data Processing Agreement that clearly sets out the roles and obligations of customers and Paperform when handling personal data that is captured by the GDPR.
  2. We’ve built new features internally to ensure that we can meet our GDPR obligations, including permanently deleting customer data on request.
  3. We’ve updated our Privacy Policy and Terms and Conditions (DPA can be found linked in the T&Cs) to ensure they align with our obligations.
  4. We’ve appointed an EU Representative for Paperform. See the Privacy Policy for more information.
  5. We’ve reviewed our vendors, discussed their GDPR plans, and arranged similar GDPR-ready data processing agreements with them.
  6. We’ve reviewed and implemented new internal security measures to ensure your data is safe.
  7. We have implemented policies and systems that require us to continually monitor, assess and improve our data privacy and security practices.

Still have questions?

Talk to us at support@paperform.co.