Our Commitment to being GDPR Compliant

The landmark European privacy law – GDPR (the General Data Protection Regulation) is due to take effect on May 25th, 2018. The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. The GDPR expands the privacy rights granted to EU individuals, and it places many new obligations on organizations that market to, track or handle EU personal data, no matter where an organization is located. It only reinforces our belief that data privacy is an essential individual right and we’re excited about reviewing and updating our policies to make sure that you and your data are always safe and secure! The changes are being rolled out globally and are made across all accounts, regardless of whether they are in the EEA (European Economic Area) or not.

We believe GDPR is a required step towards the standardization of security measures across all geographical regions. Lawcus has always been committed to ensuring the highest standards for data security and data privacy and GDPR only takes us closer to our goal by standardizing the process. We are actively preparing our business and compliance processes for GDPR to take effect, and this page will inform you further on how those changes will affect you and your business.

GDPR is the most noteworthy milestone in the space of Data Privacy Regulations and how we think of it. We welcome this milestone in Data Privacy Regulations and would love to share the steps we are taking to make sure we are GDPR friendly on or before May 25th, 2018.

About GDPR

When is the GDPR coming into effect?

The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation will take effect after a two-year transition period and, unlike a Directive it does not require any enabling legislation to be passed by the government; meaning it will be in force May 2018.

Who does the GDPR affect?

The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

What constitutes personal data or Personally Identifiable Data (PII)?

Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

How do you define a data processor and a data controller?

A controller is an entity that determines the purposes, conditions, and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller. Lawcus is both a data processor and a data controller.

What are we doing for GDPR

Updated T&C, Privacy Policy, and Cookie Policy

We’ve updated our terms and conditions and privacy policy to incorporate GDPR’s requirements.

Consent / Explicit Opt-in

Lawcus explicitly asks for consent for activity tracking via cookies and provides opt-in/opt-out mechanisms for promotional emails.

Data Processing Agreements

Strong data protection commitments are an essential component of GDPR’s requirements. As a controller, Lawcus has an obligation to only work with data processors that provide sufficient guarantees. As part of our preparation, we have eliminated data processors that do not provide these guarantees. We work with data processors like Intercom, Mixpanel, and Stripe.

Right to Portability / Export Data Feature

You have the right to move your data out of Lawcus to other systems. Lawcus provides the capability to export your expense data in excel format and bills in a consolidated PDF format which can be then be uploaded to a system of your choice.

Lawcus allows account owners to download their data in Lawcus in standard formats like CSV / Excel and PDF. These options are available within the application.

Right to be Forgotten / Delete Account Feature

You have the right to be forgotten i.e. request erasure of all data concerning you in Lawcus and we will oblige the request without undue delay.  Account owners can also send a note to support@lawcus.com if they require deleting their account and all information from Lawcus and its data processors.


Lawcus is an enterprise product trusted by small and large enterprises alike. We conduct Vulnerability Assessment and Penetration Testing every 6 months. We’re built on Amazon cloud, also use the strongest encryption at rest & transition. Also, users have an ability to setup 2 Factor Authentication.

Additional Resources

To know more about GDPR, please go here. For any questions or concerns related to GDPR, please feel free to get in touch with us at support@lawcus.com and we’d be happy to chat with you!


The content above is provided for informational purposes only. The information shared here is not meant to serve as legal advice. You should work closely with legal and other professional counsel to determine exactly how the GDPR may or may not apply to you.