Article Summary
AutoRFP helps organizations maintain GDPR compliance through data minimization, robust security protocols, granular access controls, data portability, comprehensive logging, and transparent consent processes. Learn how our platform supports your data protection obligations.
Frequently Asked Questions
What is GDPR and does it apply to my organization?
The General Data Protection Regulation (GDPR) is a data protection law that applies to any organization processing the personal data of individuals within the European Union, regardless of where the organization is located. If you handle EU residents' personal data, GDPR compliance is mandatory.
Is AutoRFP GDPR compliant?
Yes. AutoRFP.ai is designed with GDPR compliance in mind and implements technical and organizational measures to help customers maintain compliance. We take data protection seriously and continuously update our practices to meet regulatory requirements.
How does AutoRFP help my organization stay GDPR compliant?
AutoRFP supports GDPR compliance through six key areas: data minimization, data security, access controls, data portability, record-keeping, and transparency. Each feature is designed to help you meet specific GDPR requirements.
What is data minimization and why does it matter?
GDPR requires organizations to collect only the data that is absolutely necessary for the intended purpose. This principle reduces privacy risks and limits your compliance obligations.
What data does AutoRFP collect?
AutoRFP's architecture is designed to minimize data collection. We only request essential information required for:
RFP response generation
System functionality
User authentication
Platform operations
We do not collect unnecessary personal data beyond what's needed to provide our services.
Can I control what data is stored in AutoRFP?
Yes. You have full control over the content you upload and store in AutoRFP. You can delete content, archive projects, and manage what information remains in the system at any time.
How does AutoRFP protect my data?
We employ robust security protocols including:
End-to-end encryption for data transmission
Encryption at rest for stored data
ISO 27001 certification for information security management
SOC 2 compliance for security, availability, and confidentiality
Regular security audits and penetration testing
Is my data encrypted?
Yes. All data is encrypted both in transit (when being transmitted) and at rest (when stored on our servers). This ensures your data remains secure against unauthorized access, loss, or destruction.
Who can access my organization's data in AutoRFP?
Only authorized personnel within your organization can access your data, based on the permissions you configure. AutoRFP staff cannot access your data without explicit permission, except as required for technical support (with your consent) or legal compliance.
How do I control who has access to data?
AutoRFP provides granular permission controls that allow you to:
Assign role-based permissions (User, Content Manager, Administrator)
Control project visibility by user or team
Restrict access to specific content or responses
Enable or disable the "View Other User's Requirements" permission
Create confidential projects with limited access
Can I restrict access to sensitive projects?
Yes. Use the Confidential Projects feature to restrict visibility to explicitly authorized team members only. Even administrators cannot access confidential projects unless specifically added as collaborators.
What is data portability under GDPR?
GDPR grants individuals the right to receive their personal data in a structured, commonly used, and machine-readable format, and to transfer that data to another service provider without hindrance.
Can I export my data from AutoRFP?
Yes. AutoRFP supports comprehensive data export functions:
Export individual projects to Word, Excel, or other formats
Export content library to Excel for backup purposes
Download all organizational data in machine-readable formats
Does AutoRFP help with GDPR record-keeping requirements?
Yes. GDPR requires organizations to maintain records of their data processing activities. AutoRFP provides comprehensive logging features to support this requirement.
How does AutoRFP ensure transparency about data usage?
AutoRFP.ai provides:
Clearly articulated user agreements and privacy policies
Transparent information about how data is processed
Regular updates when policies or practices change
Accessible documentation about data handling practices
Is user consent obtained before processing data?
Yes. We secure explicit user consent before processing any personal data. This includes:
Acceptance of Terms of Service during account creation
Consent to Privacy Policy
Explicit permissions for specific data processing activities
Who can I contact for GDPR-related questions?
For GDPR compliance questions or support:
Email: [email protected]
Live Chat: Available in-app
Data Protection Inquiries: Include "GDPR" in your subject line for priority routing
Need Help?
Live Chat: Available in-app
Email: [email protected] or contact your Success Manager directly for urgent support.
Learning Centre: learn.autorfp.ai/en