Code42 and GDPR compliance


The General Data Protection Regulation (GDPR) is a regulation enacted to strengthen data privacy for all individuals within the European Union (EU). All organizations that process personal data of individuals in the EU are required to comply with GDPR.

Code42 users have substantial amounts of business-critical data on their devices, often including personal data. Code42 will comply with its requirements under GDPR. In addition, Code42's product features can help your organization comply with its own compliance obligations under GDPR.

This article describes:

The GDPR sections in this article can help you develop a compliance plan, but are not an exhaustive list of things to consider.

Compliance is your responsibility
Code42 provides features you can use to meet your obligations under GDPR, but Code42 cannot dictate if and how you comply. It is your responsibility to develop the plan, methods, and procedures you will follow to be in compliance with GDPR.


  • GDPR is effective as of 25 May 2018.
  • GDPR applies to both EU and non-EU companies if they process personal data about EU individuals. 
  • Not all organizations include endpoints in their GDPR compliance strategy.
Data Processing Addendum (DPA)
Code42's Master Services Agreement incorporates a Data Processing Addendum (DPA) that provides contractual commitments Code42 customers need to meet their GDPR requirements.
  • For Code42 for Enterprise customers who have renewed their subscriptions after July 15, 2017, and for all CrashPlan for Small Business customers, the DPA applies automatically under your Master Services Agreement.
  • For other Code42 for Enterprise customers, Code42 has created a retroactive version of the DPA that can be entered into upon request.

Code42's compliance with GDPR

GDPR sets forth baseline data-protection requirements for organizations that process and move the personal data of individuals in the EU. Organizations subject to GDPR must ensure that any service providers that process personal information of EU individuals meet specific requirements.

Code42 will comply with its requirements under GDPR. As part of our compliance, Code42:

  • Implements technical and organizational measures to ensure personal data is protected.
  • Provides timely data-breach notifications to customers.
  • Transfers personal data outside the EU only if there is a lawful transfer mechanism in place with the organization receiving the data. This ensures adequate protection of the personal data being transferred.

For complete information about how Code42 handles your personal data, see the Code42 Privacy Statement

Incydr Professional, Enterprise, Horizon, and Gov F2 features to help you comply with GDPR

Incydr Basic, Advanced, and Gov F1 features to help you comply with GDPR

Additional resources