To prepare for GDPR, we have undertaken many phases of research and implemented many changes – some small, some larger.
As with any new regulation, we worked closely with legal and other professional counsel to understand our role under GDPR.
Policy, TOS updates and new DPAs
Internal data audit
We've reviewed all the data we collect, as well as the reasons for why we collect it, as well as which Zapier employees have access to it. We've documented and share as much of this data publicly as possible. For example, in our Data Processing Addendum you will see our enumeration of collected data.
We've worked through our list of vendors to ensure they are adhering to GDPR and have signed all relevant Data Processing Addendums with regards to that.
Improved data tooling
We've launched some tooling extend your ability to download your data from Zapier, as well as delete it from Zapier. Much of this tooling exists today (for example, you can export your Task History) but we'll be adding even more upgrades here as we've found it to be a great product feature even beyond compliance.
You can export and delete your data in Zapier in your account settings.
We've documented and shared any pertinent changes with customers and partners. This includes emails and on the site itself, here and in the updates blog.
Ongoing process changes
This includes revamping processes for how we do customer support, build product, report on data, and work with applicants as we grow our team. Much of this will be in the form of internal documentation, training and processes as required by GDPR.