As many of you know, the General Data Protection Regulation (GDPR) is fast approaching. We wanted to update everyone on what we are doing here at Wufoo to ensure we’re compliant with the upcoming May 25th, 2018 deadline.

Data privacy and security has always been a top priority at Wufoo. We work closely with our parent company, SurveyMonkey, to ensure that our privacy standards are first class. GDPR is no different and we’re taking the necessary steps to ensure that all requirements are fully met.

What is GDPR?

Set to take effect in May 2018, the General Data Protection Regulation (GDPR) addresses the vast changes which have taken place in the technological arena over the past two decades and seeks to harmonise the approach to data protection matters across Europe by establishing a single set of rules. It replaces the Data Protection Directive which has been law across the European Union for the past 20 years.

Why is GDPR important?

The impact of GDPR will be significant as it affects any business that collects data in or from Europe (whether they’re based in Europe or not). GDPR requires businesses to give individuals greater visibility into and control over the data they provide to those businesses.

In order to ensure that the protection of personal data remains a fundamental right for EU citizens, the aim of the GDPR is to modernise outdated privacy laws. Significant fines of up to €20,000,000 or 4% of global annual turnover, whichever is greater, may be levied on organizations who fail to meet their obligations with respect to handling data under the GDPR.

What is Wufoo doing?

We have always been keenly aware of the importance our customers place on privacy and security. We see GDPR as an opportunity to continue our long tradition of protecting your Wufoo data and giving you more control over it.

• Access control, data encryption, soc-2, continuous, vulnerability, incident, security, pci 3.2, hitrust,

While Wufoo already uses state of the art SOC II certified data servers in the United States, we are aware of the new and increased security standards that GDPR introduces and will continue to evaluate our practices to ensure they align with best-in-class industry standards.

We will also be introducing some changes to our customer-facing legal terms (e.g. terms of use, privacy policy and statements, data processing agreement) to enable Wufoo and its customers to comply with GDPR requirements. In accordance with our Terms of Use, we will notify our customers of these changes in advance of them being implemented.

For security we ensure:

• your data is protected with encryption at rest and in transit,
• access control for both authentication and authorization,
• continuous network & security monitoring,
• vulnerability management,
• incident response and recovery,
• ongoing security awareness training,
• Periodic independent 3rd-party security reviews and penetration testing
• EU-US Privacy shield certified
• PCI DSS 3.2

Data Retention

We empower all of our customers to control their data through their account. As long as your account is active, you have full control over the specific types of data, and length of time you hold such data. For example, you can delete a single individual form response from your account if required to do so. We honour all deletions from an account, and all account data which has been expunged by you is permanently deleted from our back-ups.

Have questions?

If you have any additional questions around Wufoo and GDPR, please reach out to our support team who will be more than happy to answer any questions you might have.

In the meantime, happy form building!