What is GDPR?
The General Data Protection Regulation (GDPR) aims to strengthen personal data protection in Europe. The GDPR is a privacy law that became enforceable in May 2018 throughout the European Union (EU). The GDPR does the following:
- Regulates how businesses can collect, use, and store personal data
- Builds upon current documentation and reporting requirements to increase accountability
- Authorizes fines on businesses that fail to meet its requirements
Who is impacted by GDPR?
The GDPR not only applies to organizations located within the EU, but also to organizations located outside of the EU that offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. The GDPR defines personal data to include any information relating to an identified or identifiable natural person.
In GDPR and other privacy laws, the data controller has the most responsibility when it comes to protecting the privacy and rights of the data subject, such as the user of a website. The data controller is the one who defines how and why data is going to be used by the organization. When automating processes, you may need to use external services, such as Robocorp, to process data that is guarded by GDPR. A data processor simply processes any data that the data controller gives them. Robocorp acts as a data processor for organizations that run data falling under GDPR in the Cloud.
How does Robocorp help my organization comply with GDPR?
Robocorp is working to ensure that our products and services enable our customers to comply with GDPR. This includes:
- Continuing to build upon the security features in our products, described in more detail in our Security and data protection whitepaper
- Ensuring that contracts with our customers enable them to comply with the GDPR rules relating to appointing processors, and ensuring that our contracts with our own processors are compliant as well
- Continuously monitoring the guidance around GDPR compliance, and adjusting our plans accordingly
- Robocorp monitors the Cloud environment for security incidents and will notify customers and partners of any confirmed breach of Robocorp systems according to GDPR regulations.
- The GDPR enhances the rights of data subjects in a number of ways. For example, data subjects have the right to object to the processing of their data and they have the right to access personal data about them. Organisations subject to GDPR will need to make sure they can accommodate the rights of data subjects if they are processing their personal data. Robocorp’s CSM and support organisations can help customers design their systems with these responsibilities in mind as well as help customers handle requests from data subjects.
How is the data processed by Robocorp?
As a data processor, Robocorp can process the following types of data on behalf of the data controller:
- Orchestration in the Cloud. For the Robocorp Cloud runtime environment to operate in a Robocorp Cloud Workspace, the only mandatory communication needed is workload-agnostic control data. Control data includes commands from the cloud and generic status information towards the cloud. By default, standard output and error streams are also delivered to Robocorp Cloud for convenience.
- Work items’ Payload, Files & Storage. The software robot developer has full control over what happens to this data being accessed during the robot execution. The software robot developer can choose not to send sensitive data to Robocorp Cloud in work item payloads and artifacts. All data is stored within the EU. Customers who would like to choose a different geographical area should contact [email protected]
Robocorp’s cloud environment is hosted on AWS and follows industry best practices for security. AWS undergoes its own series of independent third-party audits on a regular basis.
What commitments does Robocorp make with GDPR?
The GDPR requires data controllers (such as organizations using Robocorp Cloud) to only use data processors (such as Robocorp) that provide sufficient guarantees to meet the requirements of GDPR Article 28. Robocorp’s terms of service reflect the Article 28 requirements.
Does Robocorp offer a Data Processing Addendum?
The terms of service applicable to Robocorp Cloud services automatically include data processing protections that satisfy the requirements that the GDPR imposes on data controllers with respect to data processors. If you are processing GDPR-related data, your Robocorp Cloud admin should verify that this is being processed through the Robocorp Cloud admin panel. If you have questions about how these terms apply, please contact us at [email protected].
Whom should I contact with GDPR-related matters?
Please email [email protected].