We’ve added the Data Processing Agreement to our websites. Simply print the signed DPA and add your company information. The agreement comes into effect when your Bitrix24 account administrators provide all necessary information in the account settings (GDPR Compliance section) for our record keeping.
It’s important to understand that Bitrix24 accounts can be hosted inside and outside the European Union, depending on which Bitrix24 domain you’ve chosen. It’s a common misconception that GDPR requires you to host your data inside the EU. That’s not the case. However, GDPR requires you to notify EU residents about international data transfers when they happen. Still, we recommend that our European clients use Bitrix24.eu, Bitrix24.de, Bitrix24.pl or Bitrix24.fr accounts just to be on the safe side, because these accounts are hosted in AWS data centers in Frankfurt, Germany, which are fully GDPR compliant. Bitrix24.com, Bitrix24.es and Bitrix24.com.br data is stored in the United States. Also, keep in mind that commercial Bitrix24 users can submit helpdesk requests to transfer their data from one data center to another (EU to US or the other way around).
GDPR compliance for your employees and clients
If your business resides in the EU or works with EU customers, you are required to meet all GDPR requirements as well. When using Bitrix24 CRM web forms and our live chat widget, you need to activate the option that asks for consent to personal data processing, or contact your regional Bitrix24 partner to help you with that. Likewise, your employees or your clients from the European Union, whose data you store in Bitrix24, have all the same GDPR rights (right to erasure, right to access, etc.). We’ve added two marketplace apps that allow you to delete, anonymize or port out personal data for Bitrix24 users (employees) and CRM records.