BambooHR Blog

GDPR Compliance: How BambooHR Protects Privacy


BambooHR is pleased to announce that its systems and processes are compliant with the new General Data Protection Regulation (GDPR).  (GDPR is the new standard in the European Union (EU) governing the privacy and data protection of EU residents. This new standard goes into effect on May 25, 2018.) This means that, BambooHR stands ready to support and assist its clients who have employees residing in the EU as they also meet their own obligations under the GDPR.

To comply with GDPR, companies who have EU based employees need to comply with the following important requirements:

  • Obtain consent to collect and process personal information
  • Protect personal data
  • Control access to personal data
  • Provide the option to erase personal data
  • Inform customers of data breaches



How BambooHR Handles GDPR for HR Professionals

BambooHR is staying ahead of the GDPR changes, both in its role as a data processor and in support of data controllers. BambooHR’s efforts include:

  • Providing a great software platform that allows client companies to comply with the GDPR requirements while still having a great experience.
  • Deploying industry-standard technical processes and procedures that protect data, both when it is in transmission and while we are hosting it. BambooHR demonstrates our compliance with these critical requirements through our annual SOC II audit by an independent auditing firm.
  • Providing a hosting center and data collection network within the EU. We selected world-class service providers for these critical processes: Rackspace and Amazon Web Services. Their stringent standards for data protection and security made them our choice for all of our customer data, including customers in the United States and the EU.
  • Working with EU and U.S. legal counsel to develop a Data Processing Agreement (DPA) that complies fully with the GDPR. This DPA, which will be the contract with all clients who are data controllers under the GDPR, also incorporates the European Model Clauses, also known as the Standard Contractual Clauses. (The Model Clauses were approved by the European Commission and are the industry standard for when personal data is transferred outside of the European Economic Area.)
  • Being certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. This certification also ensures that we comply with data protection requirements when transferring personal data from the EU and Switzerland to the United States.
  • Ensuring that we recognize that our clients own their data and that we process that data only in accordance with their instructions. This acknowledgment is recognized in our Terms of Service and Privacy Policy found at and, respectively. Our Privacy Policy is incorporated into our Terms of Service and our Terms of Service is our contract with every client.
  • Following the GDPR definition of acceptable timelines when processing client data requests, whether it’s gathering consent, providing access, or erasing data. We will also provide prompt notification in the event of a data breach.
  • Staying abreast of continuing GDPR developments and guidance, to support our clients’ compliance efforts.


See how our software can benefit your HR needs


What You Can Do to Protect Your GDPR HR Data

While it’s always a great time to think about improving data security, the GDPR deadline provides a good target for reviewing your organization’s privacy and security policies and evaluating how you put them into practice. While BambooHR has yet to have a data breach from hacking, there have been instances where individual customers have been careless with their login credentials or access permissions.

HR watchdog protecting employees

The best protection of personal information comes from a combination of continuously updated technology, thorough training for HR employees who handle and have access to personal data, and seamless communication about new requirements. BambooHR addresses each of these concerns with our features and support, and we will continue to support our clients as regulations evolve.

For more information on the upcoming GDPR changes, visit the official EU homepage.

BambooHR is the #1 HR software for small and medium-sized businesses. We set you free from spreadsheets so you can do great work.

Find Out More

Sign up for our Newsletter

Why would you want to give us your email? Because that's the only way to get these tasty morsels of world-class HR wisdom delivered to your inbox every month.

We use cookies to improve your browsing experience. By continuing to use this website, you agree to our use of cookies in accordance with our privacy policy.

Send this to a friend