GDPR FAQs

What is the GDPR?

The General Data Protection Regulation (GDPR) is a new European privacy law that goes into effect on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and will apply a single data protection law throughout the EU.

Data protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, they require businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process.

Who does the GDPR apply to?

The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals. The GDPR defines personal data as any information relating to an identified or identifiable natural person. This is a broad definition and includes data that is obviously personal (such as an individual’s name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual’s IP address).

Are customers required to sign any DPA?

By agreeing to our terms of service, you are automatically accepting our DPA and do not need to sign a separate document.

Does the GDPR require EU data to stay in the EU?

No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfer of personal data outside the EU.

Data transfers from the EU to outside the EU can be legitimized in many ways, including:

  • EU-US Privacy Shield
  • Model or Contractual clauses
  • Binding Corporate Rules (BCR)