Bpm'online provides its customers with control over their content with simple but effective tools. These tools provide bpm'online customers with the ability to control their users' access to bpm'online, as well as control where their content will be stored (on our cloud service across the EU territory), to ensure its security during transmission and storage (for this purpose, bpm'online has implemented HTTPS traffic encryption and solution database encryption).

Our company implemented reliable and comprehensive technical and physical control tools designed to prevent unauthorized access to user content or information disclosure.

Bpm'online ensures that the software products our customers use to store and process sensitive data allow them to implement standards for working with confidential data in their organizations in accordance with the General Data Protection Regulation (GDPR).

What is GDPR?

The EU General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy. The regulation replaces the Data Protection Directive 95/46/EC and will be in force in May 2018.

Bpm’online's commitment to GDPR readiness

Bpm’online, as a service provider, ensures security and proper processing of confidential data, provided to bpm’online by our customers, in compliance with all the requirements of GDPR.

Customers shall be independently responsible for processing the personal data of their clients within the context of the agreements for use of bpm’online system due to the fact that bpm’online has no independent control over such personal data.

Bpm’online shall process the personal data solely on the instructions of its customers within the context of the agreements with them, in line with the purposes and means provided by such customers.

We also invariably inform our customers on our privacy and data protection policies, as well as on the methods and technologies used.

Read the GDPR compliance guide to learn how bpm’online can help your company comply with GDPR requirements.

Processing personal data with bpm’online

As an organization acting as a data processor, bpm’online commits to the following obligations:


Customers independently control access to their content in the bpm'online service. To support this, bpm'online provides an extended set of tools for access control and logging. We do not use access to customer content, except in cases when it is required by law and when it is necessary for the bpm'online service support and its provision to our customers and end users.


Customers choose in which regions their content will be stored. We do not move or copy content outside the selected regions, except in cases when it is required by law and when it is necessary for the bpm'online service support and its provision to our customers and end users.


Customers choose how their content will be secured. We provide our customers with the reliable means of encrypting user content for its safe transfer and storage, but do not provide the ability to use their own encryption keys.

Disclosure of the client content

We do not, under any circumstances, disclose the content of customers, except in cases when it is required by law or by a valid mandatory order issued by a government or other regulatory body. Before disclosing the content, bpm'online notifies its customers so that they can prevent disclosure, except in cases when such notice is prohibited or when there is clear evidence of illegal activities related to the use of the bpm'online services.

Guarantee of security

We have developed a security program using the world's best practices for data protection and privacy to help our customers create and manage a security management environment. These security and management processes have been repeatedly verified by independent third-party specialists, as evidenced by the ISO/IEC 27001:2013 certificate of conformity granted to the cloud service and the bpm'online software.

Implementing your organization's data protection policies with bpm’online

We understand that it is very important for our clients, as data aggregators, to manage the task of implementing policies and processes to protect and secure the personal data.

This task affects the majority of activity areas and departments of the organization. The implementation of the relevant standards established by the GDPR requires changes in most of the organization's processes, in the overall culture of working with data and in the proper use of technologies for data processing.

The adaptation of technologies to meet the requirements of the GDPR is only a part of the policies and processes that need to be implemented by organizations. On its side, bpm'online, as a vendor of CRM and BPM software products, ensures that while using them, the customers have the ability to easily implement those processes and changes that are related to technologies and can be automated with their help.

The basic capabilities of all bpm'online software products provide the customers with out-of-the-box tools:

For setting up all necessary business processes in accordance with the requirements of the GDPR standards;

For processing customer requests as data subjects related to personal data stored in bpm'online (for example, the right to erasure or access right implementation tools).

Realizing the relevance and importance of the task of rapid changes implementation by organizations related to GDPR compliance, bpm'online additionally:

Supports all initiatives of community partners and bpm'online customers to create additional tools that further simplify the implementation of necessary changes in the GDPR policies;

Will contribute to sharing knowledge and best practice processes related to the protection of personal data.