Product Updates

GDPR: The Most Important Changes for Cobot Users

May 16, 2018
GDPR: The Most Important Changes for Cobot Users

On 25 May 2018, the EU General Data Protection Regulation (GDPR) will go into effect, bringing new global data protection rights for individuals in the European Union.

GDPR is about strengthening the privacy rights of users within the EU with respect to their personal data. Since all member information is collected by coworking space operators and processed through Cobot, it is a joint responsibility to ensure your members’ data is protected.

Cobot will help you as coworking space operators to be GDPR-compliant. We’ve released a number of features to ensure the maintenance and recording of date related to member opt-ins and consents provided, as well as of all other data processing activities. To summarize, the most important features and suggestions to help you achieve GDPR compliance are:

Generating and Processing Personal Data

To be GDPR-compliant while using Cobot, you will need to enter into a Data Processing Agreement (DPA) with us. Why is that important? A DPA clarifies the actions Cobot takes to protect all the personal data we require from you and your coworkers. It explains in detail how Cobot collects, uses and passes on data to third parties, integration partners or payment providers. You will find the Data Processing Agreement under ‘Setup » Privacy’.

Navigate to “Setup” to find your new Privacy Settings Page

We also highly recommend you do the same with any other third-party data processors you might be working with, such as Stripe, MailChimp, Paypal etc.

Next, create or review your own Privacy Policy. Your space’s Privacy Policy should consider all aspects of your business — not just how data is processed with Cobot. Make sure you do the research necessary to understanding how GDPR applies to your space and to other tools you might use. You can upload your Privacy Policy under ‘Setup » Privacy’.

Upload your space’s Privacy Policy and review our Data Processing Agreement

Consent under GDPR requires an explicit action — and pre-ticked opt-in boxes do not indicate valid consent. It also means that you need to use clear, plain language to explain what data you are collecting and for what purposes. Cobot will provide you with the tools to update your Terms & Conditions across all members’ plans (while still giving you the option to customize them individually). Once you do that, all current members will be asked to accept your new Terms & Conditions, and we will log this change in their plan history.

On signup, members are asked to consent with your space’s Terms and Privacy Policy

We’ve also introduced a double opt-in for emails and newsletters, in order to prevent the misuse of your and your members’ email addresses for unsolicited advertising. Members of EU spaces now need to specifically agree to receive newsletters from the space, either on signup or through their settings.

If you use our MailChimp integration to send newsletters, only members who have agreed to receive newsletters will be added to your mailing list. MailChimp will also automatically send a confirmation email to each new member. Your members now have the choice to be added or not. These processes will be carried out automatically. As an administrator, you won’t have to do anything here.

Right To Be Forgotten

Cobot upholds the right to be forgotten and the right to data portability — from May 25th, all users of Cobot (space admins and members) can request the deletion of their stored personal data. This includes the ability to download and delete all their data from Cobot. Upon request, we will provide access to the personal data we collect from users and delete it if that’s their wish. Please note that invoicing and billing are excluded from this deletion.

GDPR goes into effect across the EU on 25 May 2018. Organizations that are found to be non-compliant, or have breached the regulation, may face a fine of up to 20 million euros or 4% of the organisation’s annual turnover.

Please note that this post is for informational purposes only, and should not be relied upon as legal advice. GDPR is undeniably very complex, and while we want to help our users prepare for the change, GDPR could affect your business outside of how you use Cobot. We encourage all our users to educate themselves and have added a few links above to this effect. If you have further questions and want a precise overview of how GDPR might affect your space, we recommend seeking the advice of a specialised lawyer.

If you aren’t already using Cobot to manage your coworking space, give it a go! Just sign up for a free trial or a live demo session. You’ll find our features can help you run your coworking space more effectively and grow your community. And if you have questions, our support team is all ears!

Happy Coworking!


The leading management software for coworking spaces worldwide, trusted by coworking spaces, office hubs, and flexible workspaces of all sizes to grow and manage their communities.