Behavest and the GDPR

What is GDPR?

The General Data Protection Regulation (GDPR) is the biggest change to European data protection legislation in over two decades. It governs the European Union’s (EU) protection of personal data, including its processing and transfer, and seeks to unify data protection laws across Europe. It will come into effect on 25 May 2018.

Does it apply to me?

While the GDPR is aimed at protecting the processing of personal data within the EU/EEA, it has a very broad scope and will affect organizations both inside and outside the EU/EEA that process personal data. This can relate to goods offered or services rendered to subjects within the EU/EEA or that monitor their behavior. If you collect, control or process the data of subjects within the EU/EEA, then the GDPR most likely applies to you.

Does the GDPR require the storage of personal data in the EU/EEA?

The GDPR doesn’t require the storage of personal data within EU/EEA boundaries. It does, however, set certain conditions before any personal data can be transferred outside the territory. These conditions are defined in the GDPR and organizations must comply with them before moving data across borders.

Disclaimer: Nothing on this website constitutes legal advice on compliance under the GDPR and the text contained here is not a substitute for legal advice. We strongly recommend seeking legal advice for accurate information about your GDPR compliance.

Our Commitments

The information below refers to our cloud and server versions, as applicable.


Our products are backed by state-of-the-art technology. We protect our data by implementing best industry standard encryption on our data both in transit and in rest. We are committed to treating all personal data received from EU member countries in accordance with the relevant legislation.

Incident response

We will inform our customers of incidents involving your data in line with our current and future agreements. We have 24/7 incident response procedures that will help you identify and respond to any events that may breach personal data without undue delay.


When the GDPR comes into effect, Behavest will act as a processor for its customers, who are the controllers of their personal data. This is in accordance with the GDPR and we have built privacy mechanisms into our products in order to support this. We are committed to continuously developing these mechanisms and will carry out periodic checks of our processes.

Legal documentation

We will ensure our contracts will be updated to reflect any changes to our products as required by the GDPR. This will enable us to continue to lawfully receive and process data. We will notify our customers about changes to our legal documents through the usual channels.

Product changes

Our teams are making changes to ease compliance with GDPR, including the areas of data minimisation, purpose limitation and data subject rights. We are analyzing our features and flows to make them better for our users subject to the GDPR, as well as evaluating new GDPR-compliant features to add to our systems. We will notify customers about any new features through our usual channels.

Need more information?

The full text of the GDPR can be found on the European Union’s legislation website.