How is Overleaf Preparing for GDPR?

The General Data Protection Regulation is a new European regulation on data protection and privacy for individuals within the European Union. It comes into force on May 25, 2018, as everyone knows. It harmonizes and generally strengthens requirements for handling of personal data and places additional obligations on all organizations that handle EU citizens’ personal data.

We are committed to ensuring that Overleaf is fully compliant with the GDPR. The good news is that our general approach, and our existing policies and practices, are already consistent with the principles behind GDPR. We are nonetheless taking several GDPR-specific steps to ensure and demonstrate compliance:

• We have reviewed all of our vendors that process personal data and are amending contracts where required to ensure that they are also GDPR compliant.
• We have audited where we collect and how we use personal data, and the basis on which we process it.
• We have updated our privacy policy to make it clearer how it relates to GDPR, and we haven taken the opportunity to update and simplify our terms of service. We’re also creating and updating internal documentation as required to meet any new requirements.
• We will continue to work with our institutional and enterprise clients to address any concerns that they have in connection with GDPR. If you are an existing or new institutional or enterprise client and you have questions about Overleaf and GDPR, please contact support.

As always, keeping your data safe is one of our top priorities. You can find out more about our security policies and practices in our security policy.

If you have further questions about Overleaf and GDPR compliance, please feel free to contact us.