GDPR - General Data Protection Regulation

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in European Union law regarding data protection. It aims to give control over their personal data to citizens and residents of the EU and to unify international business regulations.

It was adopted on April 27, 2016, and became enforceable on May 25, 2018.

Who does the GDPR affect?

The players:

  • Data Controller - Organization that collects data from EU residents
  • Data Processor - Organization that processes data on behalf of a data controller
  • Data Subject - Citizen or resident of the EU

The GDPR not only applies to organizations located within the EU, but it will also apply to organizations located outside of the EU if they offer goods or services to EU subjects. It applies to all companies processing and holding the personal data of subjects residing in the European Union, regardless of the company’s location.

Jackrabbit and the GDPR

Jackrabbit takes data security and privacy very seriously and is committed to protecting our client's data, privacy, and personal information across the globe.  

We are proud to say we have taken steps to ensure we support and comply with the EU's General Data Protection Regulation (GDPR).  

As the data processors, we have appointed an in-house DPO (Data Protection Officer). We engaged counsel specializing in GDPR who assisted us by reviewing our data and privacy procedures. They helped us pull together the necessary supporting documentation, processes, and procedures to comply with the GDPR and provide our clients with the necessary documentation.  

We believe the GDPR is a big step in the right direction toward better data protection and privacy.  

Update: May 10, 2018

Our retained counsel has completed a review of our Data mapping inventory and summarized this information into a GDPR Data Mapping Chart for our use. This has been identified as the best first step in implementing the vast areas of GDPR.

As a result, they are drafting two new documents for us:

  • A new public "privacy policy" which will be high-level and for public consumption, likely linked on our websites.
  • A more specific Data Privacy document for our clients stating what our data protections, security practices, and commitments are for the GDPR.

Under consideration is an additional "Privacy Policy" link(s) to the parent during the registration process. GDPR does not state specifically HOW or WHERE we should do this, only that the privacy policy be made available.  It can be included as a link from their website, in their Registration form legal policy text, or within an Email template.  We are working on the logistics of this. 

Update: May 23, 2018

Based on guidance from our legal counsel, we now have a new “Data Privacy and Data Security Agreement” that can serve as a “contract” between a client in the EU (acting as the “Controller” of the personal data) and Jackrabbit (acting as a “Processor” of the personal data) and satisfies Article 28.3 of the GDPR.

Our Data Privacy and Data Security Agreement is available on request. Send us an email at if you’re interested in receiving one.

We have also updated our public Privacy Policy to include the newer GDPR language.  Refer to Jackrabbit Class Privacy Policy for complete details.