The new European privacy legislation (GDPR)

Privacy and safety are important to us. We take them seriously. That's why Speakap is a completely private and safe-to-use platform. And it goes without saying that Speakap meets all the requirements laid out by the new General Data Protection Regulation (GDPR).

The new legislation

With the ever-increasing digitisation of our world resulting in an avalanche of storable data, protecting information has become even more important than it ever was before. That is why the new GDPR legislation has been created and is being applied throughout the European Union.

GDPR replaces the Personal Data Protection Act (PDPA). The new law strengthens the rights of citizens when it comes to privacy. This law has two objectives: the protection of citizens in connection with the processing of their data and the protection of the interests of the free movement of personal data within the EU.

Starting date

GDPR is in place and active. Organisations have until May 25, 2018 to organise their data protection according to the regulations of GDPR. When this is met, organisations are referred to as being 'GDPR compliant'. From May 25, 2018, GDPR compliance will be enforced throughout the EU.


Non-compliance is costly for organisations who face a fine of up to 20 million euros or 4 percent of the worldwide annual turnover. A European committee has been set up to enforce legislation.

What measures has Speakap taken?

Speakap GDPR ready

Data kept inside the EU

We work with a European hosting provider to store and process data completely safely. We work as much as possible with Dutch or European sub-processors, with the data stored in a private cloud and in our data centres in the Netherlands and Germany. As a result, our data processing is transparent and verifiable.

We work closely with recognised partners to ensure that business processes regarding security and privacy meet the highest possible standards. Our security policy has been carefully designed to safely process and store the data.

Privacy through design and standard settings

Data is stored as long as our customers use our services. We delete personal data 30 days after the agreement is terminated. This gives customers enough time to export and store data in their own systems. We only process personal data that is necessary for the purpose of the processing.

Data processing agreement

We have a Data Processing Agreement (DPA) with our customers which includes objectives, responsibilities and safety protocols. This DPA meets all GDPR requirements.


In short, the new legislation comes down to:

  • improving the privacy rights of citizens
  • increasing obligations for the protection of data
  • making the reporting of data leaks mandatory
  • increasing fines for non-compliance