GDPR, or General Data Protection Regulation, is the most comprehensive EU data privacy law in over 20 years. This guide answers the following important questions:

  1. What Is GDPR?

  2. Why Is It Important?

  3. What Is Personal Data?

  4. Who Does the GDPR Apply To?

    1. Who Is Protected by the GDPR?

  5. My Space Is Outside of the EU, Will GDPR Affect Me?

  6. Will There Be Any Visible Changes to Cobot for Us and Our Members?

  7. Will the GDPR Require Any Action on Our Part as a Cobot Customer?

  8. Additional Resources

  9. Disclaimer

What Is GDPR?

GDPR, or General Data Protection Regulation, is the most comprehensive EU data privacy law in over 20 years. It strengthens users’ rights regarding their personal data, and its purpose is to harmonize data privacy laws across Europe.

This new law replaces the Data Protection Directive 95/46/EC, introduced in 1995 when only 1% of Europeans had access to the internet. Given that in 2016, 85% of European households had access to the internet, the old Data Protection Directive clashed with the realities of modern-day internet use.

The EU General Data Protection Regulation is a European data protection law that came into effect on 25 May 2018.

The GDPR Essentially Consists of Four Things:

  • Explicit consent requirements.

  • The right to be forgotten.

  • Data portability.

  • Algorithm transparency.

At Cobot, these principles have already been guiding our development standards. The new regulations defined by the GDPR will add even more data protection features to our product:

  • The ability to add, display, manage and get approval for individual privacy policies per space.

  • Double opt-in for newsletters.

  • Easily request your data.

  • Delete all data linked to any individual user.

Why Is It Important?

At its core, the GDPR is about peoples' right to view, change, access, and understand what is done with their data. It provides necessary empowerment for everyone who uses online services. For these reasons, we understand and support the goals of the GDPR and see it as the beginning of building a global data protection standard that will benefit everyone.

Trust and security have always been vital components of our core values. Cobot takes users' security and privacy very seriously (both for space operators and members) and avoids unnecessary data exposure. While we are committed to making Cobot as secure and transparent as possible, we encourage all of our users to take ownership of their data, ask questions, and work with us to improve our product.

What Is Personal Data?

The GDPR defines personal data as any piece of information that can be used on its own or in conjunction with other data to directly identify a natural person. Once you store member names, emails, addresses, or other personal data of so-called EU data subjects, you are processing EU personal data under the GDPR.

Personal data also includes, but is not limited to, information about hobbies, memberships, payment details, and physical, economic, cultural, or social identity.

Who Does the GDPR Apply To?

In a nutshell, the new data protection law applies to all companies that process personal data of Data Subjects residing in the European Union, regardless of the companies’ location.

Who Is Protected by the GDPR?

Most information online refers to the data protection of "EU citizens." The GDPR uses the term "Data Subject" instead of "Citizen" or "Resident." This means any "natural person whose personal data is processed by a 'controller' or 'processor," "regardless of their nationality or residence."

My Space Is Outside of the EU, Will GDPR Affect Me?

Most likely, yes. This privacy overhaul has significant implications for every organization that deals with EU Data Subjects (meaning both EU residents and citizens), regardless of where that data is processed. Therefore, it will have a global impact. Moreover, while there is a great deal of uncertainty about the GDPR outside of the EU, GDPR may set the standard for privacy regulations in other countries. This could give you a competitive advantage in the future.

Will There Be Any Visible Changes to Cobot for Us and Our Members?

Our team is building the necessary features so you can lawfully add and process your member data. For example, consent requests must be made in intelligible and easily accessible forms. Furthermore, consent must be distinguishable from other matters and be easy to withdraw. Our new features will enable you as space administrators to inform your members clearly about the purpose of your data requests and their processing.

In addition to this, your members will have control over the information they give you. Cobot's new features account for the member's right to confirm how their personal data is being processed, where it is processed, and for what purpose. This is also known as the "right to access."

Will the GDPR Require Any Action on Our Part as a Cobot Customer?

The GDPR has different requirements depending on how you use personal data, and handling personal data is a joint responsibility.

  • Data Controllers” are organizations that collect data and decide why, how, and for how long that data is processed.

  • Data Processors” are organizations that carry out the data processing on behalf of a Data Controller. At Cobot, we’ve updated our product according to the GDPR regulations. We ensure that we provide you with mechanisms to help you lawfully process and keep your members’ data. Still, there will be a few things that Cobot can’t take care of for you as it depends on how you manage your space and how you relate to your members.

As a Data Processor, we will implement the necessary features. Still, as Data Controllers, coworking space operators will need to take the new requirements into account when onboarding new members and processing their information.

We (Upstream-Agile GmbH) have contracts with core services that we pay for (Amazon, Salesforce (Heroku), Intercom, Google, etc.), and others were possible. Suppose you use these services outside of or via an integration with Cobot (Google in particular). In that case, the data is processed under the EU-Privacy Shield. You cannot create a contract (Data Processing Agreement) unless you use their business service. This then falls under your responsibility if you are using their accounts and services.

Additional Resources:


This post is for informational purposes only and should not be relied upon as legal advice. The GDPR is undeniably very complex. While we want to help our users prepare for the change, GDPR could affect your business outside of how you use Cobot. We encourage all our users to educate themselves and have added a few links above to this effect.

If you have further questions or want a more precise overview of how the GDPR might affect your space, we recommend seeking the advice of a specialized lawyer.

Did this answer your question?