The General Data Protection Regulation (GDPR) is a landmark privacy law that affects all organizations that handle personal data of EU individuals. GDPR strengthens data protection laws, expands the privacy rights of EU individuals and went into effect on Mar 25, 2018.

Everflow is compliant with GDPR from a technology and process standard. Everflow platform was updated to adhere to the requirements set forth in GDPR prior to the law going into effect.

Everflow's GDPR Compliance process

Everflow is fully committed to comply with it's obligations under GDPR, under which Everflow is a data processor. Data Processor is a person or organization who deals with personal data as instructed by a controller for specific purposes and services offered to the controller that involve personal data processing.

As part of complying with GDPR, Everflow reviewed its product stack and business processes impacted by the law. Here are the steps we have undertaken to be compliant with GDPR.

  • Develop a plan to address the product areas and processes impacted by GDPR
  • Publish a Data Protection Agreement
  • Rewrite our Privacy Policy and Service Terms
  • Cookie tracking consent: Present users with a consent notice to accept or deny cookies starting May 25, 2018
  • Delete end user data and employee, affiliate or advertiser account data upon request by Data Controllers
  • Enable users at account level to opt in for obfuscation of personal data elements:
  • IP Address: Replace last octet with "xxx" in reports for all EU users starting May 28
  • Device ID: Blanking out device IDs available upon request
  • Signed up with a resolution provider


What is GDPR?

The GDPR is a new comprehensive data protection law (in effect May 25, 2018) in the EU that strengthens the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It updates and replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.

Does GDPR Require Personal Data to stay in the EU?

No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside the EU. Everflow's data processing addendum will continue to help our customers legalize transfers of EU personal data outside of the EU.

What does GDPR Regulate?

The GDPR regulates the “processing” of data for EU individuals, which includes collection, storage, transfer, or use. Any organization that processes personal data of EU individuals is within the scope of the law, regardless of whether the organization has a physical presence in the EU. Importantly, under the GDPR, the concept of "personal data" is very broad and covers any information relating to an identified or identifiable individual (also called a "data subject").

If you have any additional questions about GDPR and what we are doing in this area, please don't hesitate to contact us at privacy@everflow.io