Appsembler and the GDPR

The GDPR took effect on May 25, 2018. Learn about the GDPR, what it means for you, and how Appsembler has prepared for the changes.

What is the GDPR?

The GDPR (General Data Protection Regulation) is an EU Regulation which replaced the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations who collect or process personal data. It took effect on May 25, 2018.

The full text of the GDPR can be found here.

Does the GDPR apply to me?

Yes, most likely. If you hold or process the data of any EU citizens, the GDPR will apply to you, whether you’re based in the EU or not.

While the previous EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider in that it also applies to non-EU businesses who a) market their products to people in the EU or who b) monitor the behavior of people in the EU.

How has Appsembler prepared for GDPR?

In keeping with our ongoing commitment to privacy and security, our teams are ready for the GDPR. Also, we are committed to making it easier for you to comply with the GDPR.

We have evaluated the new requirements and restrictions imposed by the GDPR and will take any action necessary to ensure that we handle customer data in compliance with applicable law.

Here are the main things we’re doing:

We’ve coordinated with our vendors

We’ve reviewed our vendors, finding out about their GDPR plans and arranging similar GDPR-ready data processing agreements with them.

We’ve updated our Data Processing Agreements (DPAs)

Strong data protection commitments are a key part of GDPR’s requirements. Our updated data processing agreement shares our privacy commitments and sets out the terms for Appsembler and our customers to meet GDPR requirements. This is available for customers to sign upon request.

We’re already certified for International Data Transfers

The EU-US Privacy Shield is a framework negotiated and agreed by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.

To comply with EU data protection laws around international data transfer, we self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield framework.

We’ve taken new security measures

In preparation, we upgraded our Open edX customers to the Hawthorn release to enable automation of GDPR-related requests. As of October 2023, all of our Tahoe customers are running the Juniper release, with an upgrade to the Maple release being investigated and prepared for 2024.

Have questions?

Our team is here for you. Feel free to reach out to us at if you have any questions about the GDPR.