Barracuda Privacy Mapping: European Economic Area
This guide is not legal advice, does not provide contractual guarantees, and should not be interpreted as a statement on Barracuda’s compliance with specific privacy laws. Customers should obtain advice from their own attorney.
This guide is designed to help Customers map Barracuda’s Privacy Documentation to the relevant requirements under the European Union’s General Data Protection Regulation (GDPR). Customers may use this guide to streamline internal assessments, validate regulatory alignment, and better understand how Barracuda’s security, privacy, and data-processing practices support customer efforts to comply with the GDPR. Please send questions to privacy@barracuda.com.
| EU GDPR Requirement | Barracuda Privacy Documentation |
|---|---|
|
Notice and Consent (Chapter 2)
|
Barracuda provides a privacy notice, a global data processing addendum, and obtains necessary processing consent. See Barracuda’s Privacy Notice, Barracuda’s Global DPA (Sec. 1), and Barracuda’s Legal Homepage.
|
|
Data Subject Rights (Chapter 3)
|
Barracuda supports Data Subject’s Rights Requests (e.g. Access, deletion, correction). See Barracuda’s Privacy Notice (Sec. 6) and Barracuda’s Global DPA (Sec. 5).
|
|
Processing Purpose and Limitations (Article 28 - 29)
|
Barracuda outlines the type of data collected, the purpose of use, and limits processing to what is necessary for achieving the specified use. See Barracuda’s Privacy Notice (Sec. 1 and 2) and Barracuda’s Global DPA (Sec. 1 and Attachment 1).
|
|
Sub-processors (Article 28(4))
|
Sub-processors can only process data under documented instructions and must follow breach notification requirements, data subject rights, and audits. See Barracuda’s Global DPA (Sec. 4).
|
|
Data Protection Security (Article 32)
|
Barracuda has security safeguards in place. ISO and SOC2 Type II Certifications are available on the Trust Center. See Security Certifications.
|
|
Data Breach Notifications (Articles 33 - 34)
|
Barracuda’s incident response practices align with the local notification obligations and timeframes. See Barracuda’s Global DPA (Sec. 6).
|
|
Cross Border Transfers (Chapter 5)
|
Barracuda uses contractual safeguards for cross-border transfers. See Barracuda’s Privacy Notice (Sec. 7), Barracuda’s Global DPA (Sec. 10 and Attachment 1, Exhibit B) and Barracuda’s Product Guides.
|
