Re: Upwork and GDPR Compliance

We know there's been a ton of buzz out there around GDPR and not to worry, Upwork has been on top of it. We've done the necessary due diligence to be in compliance with these requirements. The General Data Protection Regulation (GDPR) comes into effect in Europe on May 25. This new legislation is all about giving EEA residents (EU countries + Iceland, Liechtenstein and Norway) more control over their personal data online. The upcoming changes impact EEA residents, but you may also be affected by these regulations if you do business with someone from Europe.

What does this mean for EU user data on Upwork?

First, we’d like to clarify how Upwork is complying with GDPR for EEA residents and summarize some of the changes we’ve made (these changes will be accessible on May 25th).

• We’ve updated our privacy policy to be more transparent about how we obtain, store and process your personal data.
• We’ve updated our processes to make it easier for you to control the data you provide to us. You can request access to your personal data and also request that any inaccuracies in your data be rectified.
• We’ve given you the ability to readily delete your account data by completing our Subject Access Request, SAR, form.
• We’ve added a GDPR area on our Legal page. We’ve also Included GDPR references in our Help Center and Hiring Headquarters, with articles explaining how to exercise your rights.

We value our users’ privacy and their rights to control their personal data. Regardless of where you call home, you may delete your account or request the deletion of all personal information we have about you at any time. However, we will only be following the requirements outlined by the General Data Protection Regulation (GDPR) for those living in the EEA. If you live elsewhere, we will be happy to delete your data to the extent we can reasonably do so.

Here in the Community forums and on our blogs, nothing will change for EEA users. If you participate, your comments and questions will be publicly displayed. Since your posts are public, others will have access to your forum content and may use it or share it with third parties. If you choose to voluntarily disclose Personal Information in these forums and have your profile visibility set so that your Community Forum profile links to your Upwork Profile, that information will be considered public information and the protections of the updated GDPR Privacy Policy will not apply. That being said, you can still request to have your personal information along with your posts removed from our blog or community forum, just contact us at https://support.upwork.com.

What does this mean for your business on Upwork?

The GDPR is a set of guidelines set out by the European Union, to give EEA residents more control over how companies collect and use their data. As mentioned previously, these will come into effect on May 25th, 2018. These guidelines not only give more rights to EEA residents, they also permit all businesses to operate under one set of clearly defined guidelines and rules. GDPR will apply to any company processing personal data belonging to EEA residents, no matter where they reside.

One of the most important steps that you can take is to familiarize yourself with the General Data Protection Regulation (GDPR), including the rights that it grants to EEA-based individuals and the obligations that it places on businesses that process these individuals’ personal data. That said, we can’t advise you on your specific legal obligations.

As a freelancer, if you are likely to process the personal data of someone living in the EEA as part of your work for your clients, you may want to take this Data Protection Self-Assessment offered by the UK Information Commissioner’s Office.

Clients, you may want to start with GDPR FAQs for Small Organizations, which is a great resource provided by the UK Information Commissioner’s Office, along with our Hiring Headquarters article. You may also want to reach out to an attorney or advisor if you have further questions.