GDPR & UK GDPR Compliance

On May 25, 2018, the EU’s General Data Protection Regulation (GDPR) went into effect, establishing new global privacy rights for individuals in the European Union. Since then, the United Kingdom has adopted a parallel privacy framework known as UK GDPR following its departure from the EU.

At BugSplat, we take your data privacy seriously. We’ve worked hard to meet and exceed the obligations set out in both the EU GDPR and the UK GDPR.

BugSplat as a Data Processor

BugSplat operates as a processor on behalf of our customers, who act as controllers of their end-user data. We only process data as instructed by our customers and in accordance with applicable data protection laws.

Company-Level Actions

Consulted with external counsel to understand how both EU and UK GDPR affect BugSplat and our users
Reviewed and updated our Data Processing Agreement (DPA) to reflect:
- The latest EU Standard Contractual Clauses (SCCs)
- The UK Addendum for data transfers from the United Kingdom
Audited all vendors and subprocessors and signed DPAs where required

Product-Level Changes

Give customers the option to automatically obfuscate personally identifiable information (PII) such as usernames, email addresses, and IP addresses
Added a consent checkbox to crash dialog forms for end-users to voluntarily provide crash data
Provide tooling to allow customers to permanently delete specific users, email addresses, or IPs from all crash reports

Our Data Processing Agreement (DPA)

Our DPA reflects the requirements under both the EU GDPR and UK GDPR, including SCCs and the UK Addendum for international data transfers.

Additional Information

PreviousSOC 2 NextAvoid Collecting Personally Identifiable Information (PII)

Last updated 1 month ago

Was this helpful?