About GDPR

On May 25, 2018, a landmark privacy law called the General Data Protection Regulation (GDPR) took effect in the European Union (EU). The GDPR expands the privacy rights of EU individuals and places new obligations on all organizations that market, track, or handle EU personal data.

This article outlines frequently asked questions about WhosOnLocation and GDPR. It does not provide legal advice. We urge you to consult with your own legal counsel to familiarize yourself with the requirements that govern your specific situation.

Read the WhosOnLocation GDPR statement on our website. 

What is the GDPR?

The GDPR is the comprehensive data protection law in the EU that strengthens the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It updates and replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.

What does the GDPR regulate?

The GDPR regulates the “processing” of data for EU individuals, which includes collection, storage, transfer, or use. Any organization that processes personal data of EU individuals is within the scope of the law, regardless of whether the organization has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).

How does the GDPR change privacy law?

The key changes are the following:

  1. Expanded data privacy rights for EU individuals, data breach notification and added security requirements for organizations, as well as customer profiling and monitoring requirements.
  2. GDPR also includes binding Corporate Rules for organizations to legalize transfers of personal data outside the EU, and a 4% global revenue fine for organizations that fail to adhere to the GDPR compliance obligations.
  3. Overall the GDPR provides a central point of enforcement by requiring companies to work with a lead supervisory authority for cross-border data protection issues.

Does the GDPR require EU personal data to stay in the EU?

No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside the EU. However, WhosOnLocation must comply with the privacy rights of EU individuals and we must ensure compliance with our obligations on how we market, track, and handle EU personal data. These include ensuring the rights of EU citizens is maintained as well as ensuring the handling of data is carried out in a way that meets the recommendations defined in the GDPR.

Is there a GDPR certification?

No, there is not currently a GDPR certification issued by the European Commission. WhosOnLocation will be monitoring any certifications that come out after the GDPR goes into effect and will certify to them, if it deems them to be appropriate.

Does the GDPR require EU personal data to be encrypted at rest?

The GDPR does not mandate specific security measures. Instead, the GDPR requires organizations to take technical and organizational security measures which are appropriate to the risks presented (Article 32(1)). Encryption at rest and pseudonymization may be appropriate depending on the circumstances, but they are not mandated by the GDPR in every instance.

Does WhosOnLocation encrypt personal data at rest?

Yes. We apply encryption of data at rest for all customer accounts.

Has WhosOnLocation updated it's Privacy Policy and MSA to reflect the GDPR?

Yes. Our Master Subscription Agreement (MSA) and Privacy Policy now incorporates provisions for GDPR. You can view our GDPR statement here.

Does WhosOnLocation have GDPR features or functionality?

Yes. The following features are available to you:

  • A disclaimer for visitor information capture.
  • A disclaimer for photo capture specifically.
  • The ability for a visitor to disable the system from remembering their details on sign in.
  • A way for visitors to see all information you have about them.
  • The ability to erase a visitor’s information on their request.

Some of these require activation and some are features which you can use on request when required. To learn how to enable these feature see our article here.

WhosOnLocation's Data Protection Officer (DPO)

The GDPR requires that you appoint a representative in the EU.

WhosOnLocation has appointed a DPO who will be responsible for setting up policies, reviewing Data Protection Impact Assessment reports, monitoring compliance with the GDPR, and all tasks listed in Article 39.


The Data Protection Officer
WhosOnLocation Limited
Email: dpo@whosonlocation.com

WhosOnLocation's Data Protection Representative (DPR) in the EU

The GDPR specifies Under Article 27 of the General Data Protection Regulation (GDPR), an organisation with no establishment in the European Union, and which processes the personal data of people inside the EU, must appoint a Data Protection Representative in the Union to allow individuals and local data protection authorities to have a contact in the EU.

Whosonlocation Limited, which processes the personal data of individuals in the European Union, in either the role of ‘data controller’ or ‘data processor’, WhosOnLocation has appointed a DPR Group as its Data Protection Representative for the purposes of GDPR. DPR Group are based in Ireland and gives us Contact locations in all 28 EU member states.

The contact details for DPR Group HQ are:

DPR Group
Office 29, Clifton House,
Fitzwilliam Street Lower,
Dublin, Ireland

If you want to raise a question to Whosonlocation Limited, or otherwise exercise your rights in respect of your personal data, you may do so by:

  • sending an email to DPR Group at datainquiry@dpr.eu.com quoting <Whosonlocation Limited> in the subject line or;
  • by contacting us on our online webform at dpr.eu.com/datarequest or
  • by mailing your inquiry to DPR Group at the most convenient of the addresses below:

DPR Group postal addresses




DPR Group, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria


DPR Group, Place de L'Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium


DPR Group, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria


DPR Group, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia


DPR Group, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus

Czech Republic

DPR Group, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic


DPR Group, Lautruphøj 1-3, Ballerup, 2750, Denmark


DPR Group, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia


DPR Group, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland


DPR Group, 72 rue de Lessard, Rouen, 76100, France


DPR Group, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany


DPR Group, 24 Lagoumitzi str, Athens, 17671, Greece


DPR Group, EMKE Building, Rákóczi Út 42, Budapest, 1072, Hungary


DPR Group, Phoenix House, Monahan Road, Cork, T12 H1XY, Republic of Ireland


DPR Group, BPM 335368, Via Roma 12, 10073 , Turin, Italy


DPR Group, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia


DPR Group, Vilniaus g.31, Vilnius, LT- 01402, Lithuania


DPR Group, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg


DPR Group, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta


DPR Group, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands


DPR Group, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland


DPR Group, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal


DPR Group, World Trade Centre, Piata Montreal no 10, Entrance F, 1st Floor, Sector 1, Bucharest, 11469, Romania


DPR Group, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia


DPR Group, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia


DPR Group, Puerta de las Naciones, Ribera del Loira 46, Madrid, 28042, Spain


DPR Group, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden

United Kingdom

DPR Group, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom


When mailing inquiries, it is essential that your mark your letters for ‘DPR Group’ and not ‘Whosonlocation Limited’, or your inquiry may not reach us. Please refer clearly to Whosonlocation Limited in your correspondence.

On receiving your correspondence, Whosonlocation Limited is likely to request evidence of your identity, to ensure your personal data and information connected with it is not provided to anyone other than you.

If you have any concerns over how DPR Group will handle the personal data we will require to undertake our services, please refer to our privacy notice at https://www.dpr.eu.com/legal-privacy.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request