top of page

What Buopso is doing about GDPR?

The right of its users to data privacy and protection has always been respected by Buopso. Beyond what is necessary for our products to operate, we have no need to collect or otherwise process the personal information of users, and this will never change. We already have a culture where privacy is important, and GDPR gives us a chance to make it even stronger.

What exactly is GDPR?

An EU-wide privacy and data protection law known as GDPR governs how businesses must protect customer data and gives EU citizens more control over their personal information. 


The GDPR applies to all globally active firms, not just those with EU locations and residents. No matter where they are situated, our customers' data is crucial, which is why we have made the GDPR controls our global operations' minimum standard. GDPR became operative on May 25, 2018.

What exactly is personal data?

any information pertaining to an identifiable or recognised individual. The GDPR addresses a wide range of data that could be used alone or in conjunction with other data to identify a person. More than just a person's name or email address is included in personal data. Examples include data related to finances, politics, genetics, biometrics, IP addresses, addresses in person, sexual orientation, and ethnicity.

How GDPR-ready is Buopso currently?

To follow this new regulation, we have taken numerous actions.

 Through frequent conversations in our internal channels, 

  • We have increased awareness throughout the organisation and trained staff to handle data responsibly. They are now aware of the significance of data security and the rigorous requirements of GDPR.

  •  We have personally evaluated each Buopso product in light of the GDPR's standards, and we've included new capabilities that will give you more control over your data and lessen the burden of GDPR compliance.

View the steps taken by some of our products to be GDPR-ready.


  • Buopso Lead Management

  • Buopso CRM

  • Buopso Approvals

  • Buopso Project Management


  • We have constituted an Information Asset Register(IAR), which includes information on all the roles Buopso assumes, such as a data controller and processor. It details on various categories of personal data processed by our organization and which department is getting access to which data and for what purpose. It has a comprehensive coverage of all our processes and procedures.

  • We have assessed our sub-processors (third party service providers, partners) and streamlined the contract process with them to ensure that they have addressed the pressing needs of the current security and privacy world.

  • We have appointed internal privacy champions for all our teams. We have also appointed a Data Protection Officer (DPO).

  • Our application teams have embraced the concept of privacy by design and have provided you more control over the data you store in our systems. These provisions may vary based on a product’s characteristics and domain. We constantly endeavour to provide you with more enhancements, which shall be rolled out in phases.

  • We have amended our Data Processing Addendum (based on Model Contractual Clauses) to be compliant with the data processing requirements of GDPR.
    If you are the organization administrator and would like to sign a DPA with us, please drop an email to to request a copy of the Data Processing Addendum mentioning in which Data Center you've signed up for your Buopso account.

  • We conducted Data Protection Impact Assessments (DPIA). Based on the results, we have put in place appropriate controls on data processing and management.

  • We conducted internal audits of our products, processes, operations, and management. The findings were communicated to our teams, who have worked out the solutions to the identified problems.

  • Based on the DPIAs and internal audits, we have improved our data security methods and processes. This includes encrypting data at rest, based on the level of sensitivity and likelihood of risks. We have developed in-house tools for better governance and discovery of data.

  • We have cleaned up our databases to ensure that we have only the latest and most accurate information. This cleanup process includes removing terminated and dormant accounts as per our  Terms of Service.

  • When needed, breach notifications will be done according to our internal Privacy Incident Response policy. Customers will be notified of a breach within 72 hours after Buopso becomes aware of it. For general incidents, we will notify users through our blogs, forums, and social media. For incidents specific to an individual user or an organization, we will notify the concerned party through email (using their primary email address).

  • We have revised our Privacy Policy to incorporate the requirements of the applicable privacy laws based on our data inventory, data flows, and data handling practices.


GDPR Policy

GDPR Policy

Our Actions Toward GDPR Compliance and Data Privacy Enhancement

bottom of page