GDPR & Zugata

What we are doing to help you comply with new rules that went into effect on May 25th, 2018

What is GDPR?

General Data Protection Regulation (GDPR) was passed by the EU Parliament in April of 2016. Replacing the Data Protection Directive from the 90s, it’s the biggest overarching legislative change in data privacy regulation to take place the last 20 years. In a gist, GDPR was created to standardize data privacy laws throughout Europe—and to put greater protection on the data privacy of EU citizens.

A full list of all the key GDPR changes can be found on the EU GDPR website.

When will Zugata be updating their legal documents?

We have updated our Terms of Service, Data Processing Agreement, and Privacy Policy.

What does Zugata do to ensure lawful data transfers from the EU?

The EU-U.S. Privacy Shield continues to be one valid way to ensure adequate safeguards are in place for personal data transfer from the EU to the U.S. The EU model clauses also remain a valid mechanism to lawfully transfer personal data. Zugata offers a Data Processing Agreement that incorporates the model clauses to our EU/EEA customers.

What features will Zugata support regarding the Access, Portability, Modification and Deletion requests from a user (data subject)?

  • Zugata will enables you to fulfill any access or portability request by easily exporting into a machine-readable format all the user's data from the admin portal or the profile of the user.

  • If someone asks you to change her information, you can do this through the admin portal.

  • You will be able to perform a permanent delete of a user and all her data through the admin portal.

Did Zugata appoint a designated DPO(Data Protection Officer)?

Zugata won't need to appoint a designated DPO( we are not a large company) but a trained team member ( our CTO ) is responsible for data protection matters as part of their role.

What about a European Representative?

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Zugata has appointed European Data Protection Office (EDPO) as it's GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by sending an email to or writing EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

What about data security?

  • Zugata is ISO27001:2013 certified and data security has always been our priority.

  • Procedures are in place to detect, investigate and report on personal data breaches within 72 hours of becoming aware of it.

  • We perform vendor risks assessments and verify their GDPR compliance.

Trusted by amazing teams

Discover how to build a high-performance culture at your company

We'll show you how over 1,000 companies are making an impact on their employees and their culture with Zugata.

Request a demo ➜