Questback confirms it meets stringent, revised EU data transfer regulations

PRESS RELEASE: In light of the recent European Court of Justice ruling to invalidate the Safe Harbour data-transfer agreement between the U.S. and European Union/European Economic Area (EEA), Questback confirmed that it remains compliant with the EU/EEA data protection regulations. The new ruling means that technology companies processing data under the Safe Harbour framework are no longer in compliance with the EU/EEA regulations, and that customers using such services may be in breach of the law.

Questback processes all personal data within the EU/EEA in compliance with the latest regulations, and the new ruling on invalidating Safe Harbour has no consequences for Questback customers. All processing of European personal data within Questback’s cloud-based systems continues to be carried out at its secure and audited data centre facility in Bremen, Germany, certified by the German Federal Office for Information Security (BSI).

“Data protection is enshrined in Questback’s DNA. From the outset the company has taken privacy and data protection extremely seriously. We chose to invest in secure hosting of personal information in the EU, rather than in the US or other regions,” said Oliver Trabert, CTO, Questback. “The European Court of Justice ruling has serious consequences for those software companies, and their customers, that relied on the Safe Harbour framework to export personal data to the US. This is now judged to not provide an adequate level of protection for such information. We’d urge all organisations that use Software as a Service providers to check that they are equally compliant, and are consequently not breaking the law when it comes to data protection.”

Given the nature of its software, all the information gathered by Questback’s customers, whether through surveys, panels or community areas is overwhelmingly personal data, since it can be linked to names or other identifying factors. Consequently Questback will continue to follow its strict ‘Privacy by design’ strategy that makes data protection a central element in its overall operations.