GDPR – A New Era in Privacy Regulation

Learn more about how the GDPR affects Snap Schedule 365 and our commitment to GDPR compliance.

The General Data Protection Regulation (GDPR) introduces a new privacy era that strengthens the rights of individuals. This regulation defines the obligations of organizations that collect, store, and process personal data belonging to European Union (EU) residents.

In addition to our own compliance as a data processor, we are committed to helping our customers comply with GDPR requirements that may apply to their use of Snap Schedule 365 Software-as-a-Service.



No, there is not currently a GDPR certification issued by the European Commission. After the GDPR goes into effect on May 25, 2018, we will monitor any new development from the European Commission regarding official certification.

The GDPR applies to both data controllers and processors. Controllers collect data from the end-user that is the EU resident, for purposes clearly stated and with appropriate consent. A data controller is the entity/person that determines purposes and means of processing personal data of the EU resident. Data processors provide services to the controller in accordance with each controller’s instructions. Another category called sub-processors or third-party businesses performing data processing for other companies are also accountable for protection of personal data, according to the GDPR

If you sign up for a Snap Schedule 365 subscription and use the software to schedule your employees, you are the data controller for the personal data of your employees. We, the Snap Schedule 365 service provider, are a data processor and we use subprocessors like Microsoft Azure to provide cloud hosting and other services.

The DPO is responsible for informing employees of their compliance obligations as well as conducting monitoring, training, and audits required by the GDPR. A DPO needs to be appointed if you:

  • process large amounts of personal data
  • carry out large scale systematic monitoring of individuals or,
  • are a public sector authority

Data protection​ ​by​ ​design​ means incorporating privacy features and functionality into products and services from the time they are first designed.

Data protection​ ​by​ default means, businesses must implement appropriate measures to mitigate privacy risks at the time of collection of the data and extending it to  the time of processing it.

Yes, for most paid customers this can be done at time of account provisioning. You can ask to have your data to be kept in a Microsoft Azure data center in the US or in a European Economic Area, the UK..

Click here view a copy of the Snap Schedule 365 Data Processing Agreement..