GDPR

Last Updated: June 2026

What is the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) is the European Union’s comprehensive privacy and data protection law governing the processing of personal data of individuals located in the European Economic Area (EEA). Since its implementation on May 25, 2018, GDPR has established requirements for transparency, security, accountability, and individual privacy rights.

Graphly is committed to protecting personal data and maintaining practices designed to support GDPR compliance for customers and partners worldwide.

Is there a GDPR certification? Is Graphly GDPR certified?

There is currently no official GDPR certification recognized across all jurisdictions.

Graphly maintains policies, procedures, contractual protections, and security measures designed to support GDPR compliance. These include:

  • Data Processing Addendums (DPAs)
  • Data subject rights processes
  • Vendor management reviews
  • Security and access controls
  • Cross-border data transfer safeguards
  • Data breach response procedures

Customers and partners requiring a Data Processing Addendum may request one from our team.

How can Graphly support my organization’s GDPR compliance?

Graphly offers a Data Processing Addendum (DPA) that governs the processing of personal data on behalf of customers and is designed to satisfy applicable GDPR requirements under Article 28.

The DPA governs the terms under which Graphly, acting as a data processor, processes personal data on behalf of its customers, who typically act as data controllers. Graphly processes personal data only in accordance with documented customer instructions, applicable law, and the obligations established under the GDPR.

While Graphly provides tools, safeguards, and contractual protections designed to support GDPR compliance, each customer remains responsible for ensuring their own compliance with applicable privacy laws.

Who is Graphly’s Data Protection Officer (DPO)?

Graphly’s Data Protection Officer is:

Dustin Lunt
Email: dustin@graphly.io

In accordance with Article 38 of the GDPR, individuals may contact Graphly’s Data Protection Officer regarding matters related to the processing of personal data or the exercise of data subject rights under applicable data protection laws.

Who is Graphly’s representative in the European Union pursuant to Article 27 of the GDPR?

VeraSafe has been appointed as Graphly’s representative in the European Union for data protection matters pursuant to Article 27 of the General Data Protection Regulation.

If you are located within the European Economic Area, VeraSafe may be contacted in addition to Graphly’s Data Protection Officer regarding matters related to the processing of personal data.

Contact VeraSafe via:

https://verasafe.com/public-resources/contact-data-protection-representative

Telephone: +420 228 881 031

Or by mail:

VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

What is Graphly doing to maintain GDPR compliance?

Graphly maintains an ongoing privacy and compliance program that includes:

  • Review and management of third-party subprocessors
  • Security monitoring and access controls
  • Data processing documentation
  • Employee access management
  • Incident response procedures
  • Data subject request handling processes
  • Contractual safeguards through DPAs and vendor agreements
  • Ongoing privacy and security reviews

We regularly evaluate and update our privacy and security practices to align with evolving legal requirements, regulatory guidance, and industry best practices.

Does using Graphly automatically make my organization GDPR compliant?

No.

Each organization that processes personal data and is subject to the GDPR maintains its own legal obligations under the law. While using a GDPR-conscious platform such as Graphly can support compliance efforts, customers remain responsible for how they collect, use, disclose, retain, and otherwise process personal data.

Organizations should seek their own legal or professional guidance regarding GDPR compliance requirements.

Additional guidance can be found through the UK Information Commissioner’s Office (ICO):

https://ico.org.uk/for-organisations

Does Graphly provide tools that support privacy compliance?

Yes.

Graphly provides tools and processes designed to assist customers in meeting privacy obligations, including support for data deletion, anonymization, and suppression workflows where applicable.

These capabilities are intended to help customers address common privacy requirements such as responding to data subject requests and managing personal data throughout its lifecycle.

Am I a data controller? Is Graphly a data processor?

In most cases, Graphly customers act as data controllers because they determine the purposes and means of processing personal data.

Graphly generally acts as a data processor, processing personal data on behalf of customers in accordance with their instructions and the terms of the applicable Data Processing Addendum.

Controllers and processors have distinct obligations under the GDPR. Graphly’s DPA governs the relationship and responsibilities between Graphly and its customers with respect to personal data processing activities.

Do I need to obtain consent again from all my contacts?

Not necessarily.

Consent is only one of several lawful bases for processing personal data under Article 6 of the GDPR. Depending on the circumstances, processing may also be justified based on contractual necessity, legitimate interests, legal obligations, or other lawful bases recognized under applicable law.

Organizations should consult qualified legal counsel regarding the appropriate lawful basis for their specific processing activities.

What solution does Graphly offer for cross-border data transfers?

When personal data is transferred internationally, Graphly supports lawful cross-border data transfers through appropriate contractual and organizational safeguards, including Standard Contractual Clauses (SCCs) and other approved transfer mechanisms where applicable.

Graphly continually monitors developments in international privacy law and updates its transfer mechanisms as necessary to maintain compliance with applicable requirements.

What security controls has Graphly implemented to safeguard customer data?

Graphly maintains administrative, technical, and organizational safeguards designed to protect customer data against unauthorized access, disclosure, alteration, or destruction.

These safeguards include:

  • Role-based access controls
  • Secure authentication mechanisms
  • Encryption of data in transit
  • Backup and recovery procedures
  • Infrastructure monitoring
  • Vendor risk management practices
  • Security review and maintenance processes

Graphly regularly reviews and updates its security controls to align with evolving threats, industry standards, and customer expectations.

Additional information is available in our Data Security Statement:

https://graphly.io/data-security-statement/

Start a 14-Day Trial of Graphly for $1

Start Trial

One of the several

solutions.

© 2026 LEAP. All Rights Reserved.