GDPR Compliance with Keboola


GDPR is a legal framework, so:

Full GDPR text

  1. Keboola “KBC” is “just” a technology - same as your harddrive => the client is controlling what is going on, we have no access to the data until we are invited into a project (Keboola operates KBC without access to data)
  2. KBC implements some principles which are handy for GDPR: data takeout, regionality (everything sits in EU if you have KBC EU project), transparency (data format, configurations, source code…), auditability…
  3. [rights for data] you can get copy of end-user data and provide it to them (in separate KBC project) in readable and non-proprietary form
  4. [rights to be forgotten] - you can clean data based on some list and stop working with specific records

So, our position is very clear: we’re modifying legal documents and we’re clearing some tech features (not related to security).