GDPR Compliance & IPsoft

The GDPR is effective on 25 May 2018 – Readiness is Key

Last Updated: 13 April 2018


Our Lawyers Are Making Us Say This: This microsite is neither legal advice for your company in complying with GDPR/other data privacy laws nor a magnum opus on EU/EEA data privacy. What we are providing is background information to help you better understand how IPsoft has addressed some important legal points. This legal content is not the same as legal advice, where an admitted attorney applies the law to your specific circumstances, and you must consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In summary, you may not rely on this microsite as legal advice, nor as a recommendation of any particular legal understanding.


 GDPR Home | GDPR Basics | Changes Within IPsoft | IPsoft Product Readiness | Key GDPR Changes | FAQs and Glossary

GDPR Basics

What is the GDPR?

The GDPR (General Data Protection Regulation) is a new EU Regulation which will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations who collect or process personal data. It will be effective as of 25 May 2018. The regulation builds on many of the 1995 Directive’s requirements for data privacy and security but includes several new provisions to bolster the rights of data subjects and add harsher penalties for violations.

The full text of the GDPR can be found here and a list of key GDPR terms you’ll need to know can be found here.

What is the GDPR Changing?

Since 1995, the EU and EEA have had the DPD in force, which has governed data protection in the EU for over twenty years. Although the GDPR replaces the DPD on 25 May 2018, the DPD set out the eight data protection principles which have been governing the treatment of personal data by organizations since 1995. And even though the GDPR supplants the DPD, IPsoft recommends you familiarize yourself with the current laws before you dive into the changes under the GDPR. If you want to read more about the 1995 Directive and eight original data protection principles, please visit our FAQ and Glossary page to learn more.

Does the GDPR apply to my company?

While the DPD governs entities within the EU, the territorial scope of the GDPR is far wider in that it will also apply to non-EU businesses who (a) market their products to people in the EU or who (b) monitor the behavior of people in the EU. This means that even if you’re based outside of the EU, but you control or process the data of EU citizens, the GDPR will apply to you.

The Changes Within IPsoft

IPsoft is continually focused on data protection and security efforts, and our GDPR compliance is part of that. During the implementation period for the GDPR – as well as in the time after the effective date, as new changes and legislation become needed – we will continually evaluate and implement new requirements and restrictions imposed by the GDPR. If we change our Terms of Service or our Privacy Policies, you’ll be notified on the IPsoft website, and we’ll also be updating this page and sharing content over the coming months.

Product Changes

Our technical and security teams are currently hard at work making necessary changes to IPsoft products for GDPR compliance and to help you meet your obligations under the GDPR to the extent that you use IPsoft products to collect and store EU personal data. If you are interested in any updates or important information about changes to our products, we recommend that those interested keep an eye on this page.

Our Legal Documentation

IPsoft’s Legal team are also busy ensuring our legal documentation (namely our Terms of Service, our Data Processing Agreement, and our Privacy Policy) will be updated to reflect any changes and to include the mandatory Data Processor provisions required by Article 28 of the GDPR. We’ll keep you updated as these changes are implemented, and we’ll also notify you on the relevant pages about such changes.

Data Transfers Outside the EU/EEA

IPsoft Incorporated maintains a Privacy Shield certification with the U.S. Department of Commerce which ensures that adequate safeguards are in place when we transfer personal data from the EU (and Switzerland) to the US. References to our Privacy Shield certification are included in both our Terms of Service and in our Privacy Policy, as well as on our Data Transfers page. We also offer a Data Processing Agreement  (including the EU-approved Model Clauses) to certain EU/EEA-based customers when needed. The good news is that the rules regarding transfers of personal data abroad don’t change under the GDPR, so we’ve already got you covered!


If you’re already a IPsoft customer or partner, please contact your account manager if you have any further questions, comments, or suggestions. If you don’t yet have a business relationship with IPsoft, please drop us a line via the contact us button in the right-hand corner of each page.