Barracuda Privacy Mapping: United Kingdom
This guide is designed to help Customers map Barracuda’s Privacy Documentation to the relevant requirements under the United Kingdom’s Data Protection Act (2018) and General Data Protection Regulation (UK’s GDPR). Customers may use this tool to streamline internal assessments, validate regulatory alignment, and better understand how Barracuda’s security, privacy, and data-processing practices relate to the UK’s GDPR expectations. This guide is not legal advice or contractual guarantees. Customers should obtain advice from their own attorney. Please direct questions to privacy@barracuda.com.
| UK GDPR Requirement | Barracuda Privacy Documentation |
|---|---|
|
Notice and Consent (Articles 5 - 6, 12 - 14)
|
Barracuda provides a privacy notice, a global data processing addendum, and obtains necessary processing consent. See Barracuda’s Privacy Notice, Barracuda’s Global DPA (Sec. 3), and Barracuda’s Legal Homepage.
|
|
Data Subject Rights (Articles 15 - 22)
|
Barracuda supports Data Subject’s Rights Requests (e.g. Access, deletion, correction). See Barracuda’s Privacy Notice (Sec. 6) and Barracuda’s Global DPA (Sec. 7).
|
|
Processing Purpose and Limitations (Articles 5(1)(c), 6, 8A, 29)
|
Barracuda outlines the type of data collected, the purpose of use, and limits processing to what is necessary for achieving the specified use. See Barracuda’s Privacy Notice (Sec. 1 and 2) and Barracuda’s Global DPA (Sec. 3 and Attachment A).
|
|
Sub-processors (Article 28(4))
|
Sub-processors can only process data under documented instructions and must follow breach notification requirements, data subject rights, and audits. See Barracuda’s Global DPA (Sec. 6).
|
|
Data Protection Security (Article 32)
|
Barracuda has security safeguards in place. ISO and SOC2 Type II Certifications are available on the Trust Center. See Security Certifications.
|
|
Data Breach Notifications (Articles 33 - 34)
|
Barracuda’s incident response practices align with the local notification obligations and timeframes. See Barracuda’s Global DPA (Sec. 8).
|
|
Cross Border Transfers (Chapter 5, Schedule 21 of UK Data Protection Act)
|
Barracuda uses contractual safeguards for cross-border transfers. See Barracuda’s Privacy Notice (Sec. 7), Barracuda’s Global DPA (Sec. 12) and Barracuda’s Product Guides.
|
