GDPR Compliance Explained: What It Means for the Platform

The General Data Protection Regulation (GDPR) is a European Union data protection law that came into effect on May 25, 2018. It establishes how personal data must be collected, stored, processed, and deleted for individuals in the EU.

GDPR was adopted to strengthen privacy rights and create consistent data protection standards across EU member states. Because GDPR applies broadly and includes strict obligations, many online services updated their privacy policies and data-handling processes when it took effect.

GDPR grants specific rights to individuals whose personal data is processed, including:

• Right to erasure: request permanent deletion of personal data
• Right of access: request access to personal data held about them
• Right to data portability: request an export of personal data in a machine-readable format
• Right to object: object to certain uses of personal data

These rights apply to personal data stored by any organization that processes data for EU residents.

To align with GDPR principles, RapidPro includes protections and features designed to support common privacy and compliance workflows, such as:

• Shortened data retention for live message data
• Downloadable archives in machine-readable formats to support data portability
• The ability to permanently delete individual contact records
• The option to request full workspace deletion

While GDPR is an EU regulation, many organizations apply GDPR-inspired standards globally. This means that even if your workspace or contacts are outside the EU, you may still benefit from improved data protection practices and privacy controls.

If you’re unsure how GDPR applies to your specific use case or workspace configuration, contact support using the widget in the bottom-right corner of your browser.