EU General Data Protection Regulation (GDPR)


Staffbase Meets the Requirements of the EU General Data Protection Regulation (GDPR)

On May 25, 2018, the EU General Data Protection Regulation (GDPR) becomes legally binding. It was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the region approach data privacy.

All suppliers of services and goods who process data from EU citizens and work with companies within the EU must comply with the GDPR, meaning that it is relevant to most companies. Any organization that violates the GDPR may face fines of up to €20 million, or 4% of its annual global turnover, whichever is greater.

You can find more information about the GDPR here.

Staffbase complies with the requirements of the EU General Data Protection Regulation and provides a secure communication platform that protects employee and customer data equally. The privacy rights of our customers and the security of their personal data are our highest priorities. Therefore, under the guidance of our Data Protection Officer (DPO), we have assembled a team that guarantees strict compliance with all regulations.

Visit our Security page to learn more, or contact our DPO, Fabian Wiedemann, at


Certification in Accordance with ISO/IEC 27001

In addition to privacy, data security is one of the greatest responsibilities that Staffbase has to our customers, who entrust us with content for distribution to their employees on a daily basis. Our decision to certify in accordance with ISO/IEC 27001 in 2018 confirms our commitment to this trust in our processes and structures. Feel free to contact us at for the current status of the certification process.