What is GDPR?

At Typeform, we take your data privacy and security seriously. This article explains the basics of the European General Data Protection Regulation (GDPR), and how it affects you.

What’s GDPR?

This is a European Union regulation, designed to improve the data security and privacy of European citizens. Find out more on Wikipedia – the short version is “companies in Europe have to make sure your data is safe, and that you can access and control it”. Sounds like a good idea, right?

It’s about giving you greater security, transparency, and control of your personal data online. We think this is a good thing wherever you’re from, not just if you live in the European Union!

GDPR and Typeform

We’ve made GDPR compliance a priority at Typeform: we created a team to work across the whole company to make sure we’re ready for GDPR even earlier than May 2018. For us this is not just box-ticking, but about baking these new principles of privacy and security into everything we do.

We’re reviewing our contracts with vendors and partners to make sure they are also compliant, and can give us the guarantees on privacy and data protection that we need, such as the EU-US Privacy Shield framework.

Frequently Asked Questions

We know you may have questions, so we’ve put together some of the most frequently-asked below. If you have more, please go to the bottom of this page, and click Contact Support.

You can see all of our GDPR related articles here. We’ve tried to make it as easy to understand and simple as possible, as the world has enough endless legal documents that no one ever reads.

How can I exercise my GDPR rights?

Under GDPR in the European Union, we are all data subjects, and have certain rights.

If you have a Typeform account, this article explains how to exercise your GDPR rights:

If you’ve completed a typeform and want to exercise your GDPR rights, see this article:

What is a data subject?

Good point! A data subject is legal jargon for any living person who has some personal data stored somewhere. So, that means pretty much all of us! We can’t, unfortunately, rewrite European Regulations without all the legal jargon, but we’ll try to explain it to you when necessary!

Do you have a Data Processing Agreement available to sign?

To be GDPR compliant, a company needs to have a Data Processing Agreement (DPA) signed with any third-party vendor/company they have a data relationship with. If that’s not you, don’t worry about it!

You can request a DPA using the Contact Support button at the bottom of this page. We’ll then send you everything you need.

How do I contact your Data Protection Officer (DPO)?

You can get in touch with out DPO by contacting Support. Use the Contact Support button at the end of this article.

What does this mean for me?

If you’re a company, this means more transparency and visibility of how we process personal data. If you’re an individual, you don’t need to do anything! This all just means your data is safer than ever.