Interested in our Data Protection & Privacy program? You have come to the right place! Below are some frequently asked questions.
What is the GDPR?
The European General Data Protection Regulation (“GDPR”), effective May 25, 2018, is a comprehensive data protection law that regulates the use of Personal Data of EU residents and provides individuals rights to exercise control over their Personal Data.
What is the CCPA?
The California Consumer Privacy Act, effective January 1, 2020, provides a statutory framework for the protection of Personal Information.
What actions have you taken around the GDPR and CCPA?
We updated our Data Protection Addendum and Privacy Notice to reflect GDPR and CCPA standards. We comply with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States and have certified to the Department of Commerce that we adhere to the Privacy Shield Principles.
Can you tell me about your Data Protection & Privacy team?
We have a core Data Protection and Privacy team composed of cross-functional senior members of our Legal, Information Security, Technology, and Leadership teams (including our CIO, CTO, and GC), who are dedicated to compliance with all applicable data protection and privacy laws and regulations. Members of our DP&P team hold several honors, including Board Certified Specialist in Privacy and Information Security Law by the North Carolina State Bar (1 of 14 in North Carolina*); several members also hold International Association of Privacy Professionals (IAPP) certifications, CISM, and CISSP. Our Board receives annual deep dives on data protection and privacy items, along with regular updates throughout the year.

*Contact us for most current numbers.
What has your Data Protection & Privacy team been up to?
You will not find a cookie-cutter data protection and privacy program here. Our team has designed and implemented a custom DP&P compliance program tailored to our industry and products. Here is a small sample of what we do:
- Life cycle privacy program: Continuously monitor and update the privacy program in accordance with applicable data protection and privacy laws and regulations and foster a culture of data protection and privacy within Bandwidth.
- Employee training: All employees, interns and temporary staff receive information security and privacy training yearly.
- Security measures: We maintain appropriate administrative, technical, and physical security measures to help safeguard against the accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to, the personal information we process or use. We expend substantial resources to protect personal data entrusted to us. We are ISO 27001:2013 certified and SOC II compliant. We are a PCI Level 3 Merchant and have met Payment Card Industry Data Security Standard’s SAQ-A.
- Third-Party audits: Security at Bandwidth is a high priority. We have yearly third-party information security audits. See our Security page for more details: https://www.bandwidth.com/security/
- Data subject rights: We created an easy-to-use form for exercising your data subject rights. Please follow this link to our interactive form: Data Subject Right Request Form.
How into data protection and privacy are you?
One of our favorite topics! We are not in the business of monetizing customer data. Details on our privacy practices can be found at www.bandwidth.com/privacy. If you have questions about our privacy program, you can reach us at privacy@bandwidth.com.