Information on how TimeTap meets GDPR security regulations

Like many other companies, TimeTap has reviewed its company-wide compliance strategy with respect to the EU General Data Protection Regulation (GDPR), which came in to effect from 25th May 2018.

In doing so, TimeTap completed an audit of all data flowing in and out of our organization, either in our capacity as a Data Controller or as a Data Processor.

As a result, we have reviewed and updated our Privacy Policy and Cookie Policy; ensured we obtain consent before collecting personal data of our customers; provide access to that data, and provide the right to be forgotten in accordance with our Privacy Policy. We have either signed Data Processing Addendums with relevant third-party service providers or moved away from non-compliant providers.

TimeTap now offers a GDPR compliant Data Processing Addendum to our standard License Agreement so that customers can use our services in a GDPR compliant manner and we have executed Data Processing Addendums with our sub-processors.

We are committed to a process of continual improvement of our privacy and security measures; notifying regulators of personal data breaches and promptly communicating any such breaches to our customers.


What is the GDPR?
The General Data Protection Regulation (GDPR) is new European privacy law. The GDPR increases protection around the processing of personal data of EU data subjects by applying a single data protection law that is binding throughout each member state of the EU.

Who does the GDPR apply to?
The GDPR applies to any organization, whether or not they are established in the EU, that is processing personal data of EU data subjects.

Is TimeTap a Data Controller or Data Processor?
Under the GDPR TimeTap is both a Data Controller and a Data Processor.

Data Controller – TimeTap acts as a data controller when we collect and store accounts and contact information of our customers.

Data Processor – TimeTap acts as a data processor when our customers use TimeTap services to process personal data. Under these circumstances, our customer may act as a data controller or data processor, and TimeTap acts as a data processor or sub-processor.

Can I use the TimeTap to Process Personal Data?
Yes. If you intend to schedule documents that may contain Personal Data you should:

  1. Sign the Data Processing Addendum to our standard License Agreement.
  2. Use the TimeTap guidelines in accordance with: Guidelines for Using TimeTap Cloud Services in a GDPR-Compliant Manner

How do I enter into the Data Processing Addendum with TimeTap?
Please send an email to that specifies:

  1. Your personal name
  2. Your position
  3. Company name

We will then send you a copy of the Data Processing Addendum that you can review and sign electronically.

What technical and organizational measures does TimeTap have in place?
In response to Article 28 and 32 of the GDPR, we outline the technical and organizational measures we use to ensure the ongoing confidentiality, integrity, availability, and resilience of the TimeTap Cloud service, here: Security Measures