GDPR

Compliance · GDPR

GDPR-aware telecom from a vendor with a real EU office.

For EU-resident businesses, US businesses with EU customers, and UK businesses navigating UK GDPR + PECR.

Request a compliance briefing   or call 866-304-4300

Founded 2001

Triton Cloud PBX — gdpr
99.999%
Uptime SLA
150+
Countries DID
Since 2001
Northeast roots
3 offices
Worcester · Dublin · BVI
B2B only
No residential

What the regulation requires

  • Lawful basis for processing personal data (Article 6)
  • Special category data restrictions (Article 9)
  • Data Processing Agreement between controller and processor (Article 28)
  • Data subject rights: access, erasure, portability (Articles 15-22)
  • International transfer safeguards: SCCs or adequacy decision (Chapter V)
  • 72-hour breach notification (Article 33)

How Triton Cloud PBX meets each requirement

  • Standard DPA available pre-sales, including latest 2021 SCCs
  • EU-region hosting (Dublin) for customer call data + recordings
  • Data subject request workflow with audit trail
  • Configurable retention periods per call type
  • Dublin office staffed with EU-based personnel
  • 72-hour breach notification SLA in DPA

Attestations + documents available

  • Data Processing Agreement (DPA) template
  • Standard Contractual Clauses (SCCs) for US ↔ EU transfers
  • Sub-processor list
  • EU data residency attestation
  • 72-hour breach notification process

What we will NOT claim

We do not provide GDPR legal advice. We provide a processor DPA, technical safeguards, and the ability to keep EU customer data in the EU. Your DPO or counsel makes the final determination on your overall compliance posture.

Frequently asked

Questions we get asked the most

Where is EU customer data stored?

In our Dublin region by default for EU-domiciled customers. US-region storage is an opt-in for customers who prefer it (acknowledging the cross-border transfer in the DPA).

Are you ISO 27001 certified?

Certification status is shared under NDA. Contact us.

Can we get a data subject request workflow?

Yes. We provide a process for handling access, erasure, and portability requests for data we hold as a processor.

What sub-processors do you use?

A list is provided with the DPA and updated when sub-processors change. Notice is given before material changes.

Do you have a UK GDPR DPA variant?

Yes. UK GDPR variant + UK IDTA (International Data Transfer Agreement) for UK ↔ third-country transfers.

Need this in writing for your audit?

Tell us your auditor's requirements. We will provide documentation under NDA.

Request a compliance briefing

or call 866-304-4300