GDPR Compliance

Last Updated: 03/15/2018

In 2016, Europe adopted a new set of data protection laws called the General Data Protection Regulation (GDPR).

These laws are meant to protect personal data of EU citizens and are set to go into effect in May of 2018.

We take data security very seriously and are working to confirm that Knack will be GDPR compliant by the enforcement date.

This page outlines that compliance and provides more details to ensure you are following compliance regulations for your own applications and data.

What is the GDPR?

The European Commission approved and adopted the new General Data Protection Regulation (GDPR) in 2016.

This regulation aims to give EU citizens more control over their data and to create uniform privacy rules that are enforced across the EU. It will replace the EU Data Protection Directive as well as the local laws relating to it.

Although this law originates in the EU, the reach of these regulations is global. Any business holding personal data on customers, prospects, or employees based within the EU is subject to the new regulations.

The GDPR defines “personal data” as any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person.

Will Knack be compliant with the GDPR?

Yes. We’ve long maintained data centers in Europe to ensure data for our European customers is not leaving the EU. We can confirm that all Knack accounts which house data in these EU data centers will comply with the GDPR when it becomes enforceable on May 25, 2018.

To further comply with the GDPR we’re working on implementing the following.


We’re adding a new feature that will enable you to easily and completely delete all data linked to an individual user.

We’re creating new data processing agreements (DPAs) that explain the privacy considerations in place and our terms for meeting GDPR compliance.

Team Changes

We are appointing a Data Protection Officer to oversee and maintain policies as they relate to data management.

We’re augmenting our team training to accommodate needs associated with GDPR.

Data Transfers

We have already self-certified under the E.U.-U.S. Privacy Shield to ensure that all transferring of personal data is compliant.

As such, we currently maintain data centers within the European Union - specifically, Frankfurt, Germany.

All of the data for these EU apps is completely isolated to these servers, including the jobs and backups. This data is 100% encrypted both in transit and at rest.

If you are unsure if your data is currently housed in our EU data center, you can check within your App Settings to confirm. At the top, just navigate to the Info tab and you'll see where your data is hosted under Data Location.

Do you need to do anything to be compliant?

The short answer here is yes. Although we can make sure the information we collect and store is compliant, the actions you take in acquiring information from your own users may require additional steps to be compliant.

Some steps you can take are:

  • Read up on the new regulations and how they may impact your business.
  • Discuss any potential changes you may need to make with your attorney.
  • Take a fresh look at all the existing information you process and how it’s processed, to determine if any changes need to be made.
  • Keep information privacy at the forefront of your mind when developing new applications and auditing your current applications.