General Data Protection Regulation (GDPR)


Last updated: April 24, 2018


The European Union’s General Data Protection Regulation (GDPR) is a significant step forward and change in data privacy regulation. Passed on April 26, 2016, GDPR seeks to strengthen and standardize user data privacy across all EU member states by setting forth new and additional obligations to all organizations that interact with EU citizens’ personal data, regardless of where that organization may be located. These obligations become effective on the 25th of May 2018.

PSPDFKit is fully committed to being in compliance with the GDPR and is currently conducting Privacy Impact Assessments on all of our products and services.

How is PSPDFKit preparing for GDPR?

The GDPR’s updated requirements are expansive and our team is working diligently to make sure both PSPDFKit and customers of ours are able to be compliant by May 25, 2018. This effort requires a multitude of steps prior to the effective date as well as ongoing obligations after the regulation goes into effect.

Here’s a summary of the steps we are currently taking and will take:

  • Conducting Privacy Impact Assessments on all of our products and services to determine which products collect personal data or do not, what personal data we collect if any, and where such personal data is either stored, sent or processed by third party vendors.
  • Compiling a list of all third party vendors that process personal data on our behalf and ensuring they are GDPR compliant or make plans to replace them as a vendor.
  • Signing any necessary Data Processing Agreements with any third party vendor data processors.
  • Developing a strategy and requirements to implement processes for any personal data we collect or process through use of any of our products and services to be compliant with the requirements under GDPR.
  • Finalizing and communicating the information above to ensure compliance with GDPR.

How does GDPR affect customers of PSPDFKit’s SDK products?

All of our SDK products are intentionally designed to never have access to any of your customers’ or users’ personal data nor does our support platform intend to be used to process any personal data. If you are concerned that the use of our SDK products or support platform could categorize us as a third party vendor data processor under GDPR, then please send your concerns to so that we can determine what steps we can take to assist you in fulfilling any obligations you may have as a data controller.

How can PSPDFKit help address requests from Data Subjects?

PSPDFKit is currently developing a process to handle intake, review and process we receive or any customer requests arising from Data Subject Access Requests (DSAR) they receive. As a result of a DSAR, a customer or users of ours might request that PSPDFKit securely delete or return the Data Subject’s personal data. Since DSAR are inherently very sensitive, such requests will be handled by PSPDFKit on a case-by-case basis.

Where can I find out more?

If you have any questions or concerns specifically related to GDPR or how PSPDFKit handles privacy & security of the data it collects, please view our privacy policy located at or reach out to us at