ProtonBlog(new window)

Proton Mail created, to help businesses achieve GDPR compliance

Share this page

The General Data Protection Regulation is the world’s toughest data privacy law, threatening enormous fines to violators. Yet businesses have few good resources to help them comply. window) is here to change that.

The European Union created the GDPR(new window) to help individuals achieve a greater degree of privacy and data security online. It was meant to curb data breaches, which drain billions from the economy each year and expose citizens’ sensitive information to hackers. And it gives individuals more control over how companies use their data.

While the GDPR is great for people, it hasn’t been so easy on businesses. Last year, we asked 101 business leaders about their GDPR checklist compliance(new window) and discovered that even six months after the law went into effect, a majority of businesses are not fully compliant. And it’s not for lack of effort. They have invested thousands (and sometimes hundreds of thousands) of dollars on GDPR compliance, and most say they still don’t fully understand the law.

The main problem is the lack of quality resources. Inadequate understanding of the law remains the greatest obstacle to compliance for small- and medium-sized businesses. Despite an overwhelming number of articles about the GDPR on the Internet, few are actually straightforward and relevant. Owners and managers of small businesses told us they wanted clear guidance on how to achieve proper GDPR compliance(new window). Businesses want practical information they can actually use. As one manager of a retail company in London told us, “GDPR is a lot harder in practice than in theory.”

Solving this problem is why we created

What is is meant to be the definitive resource on GDPR compliance topics. The information is not the high-level overviews that you might find on some corporate blogs, or the hard-to-understand jargon put out by some law firms. Instead, it is an easy-to-understand, comprehensive, and practical guide written by people who have gone through the actual process of making a business fully compliant with the GDPR. does not only contain news and information about the EU’s General Data Protection Regulation. It includes a GDPR compliance checklist and the full text of the GDPR(new window) itself, which is easily searchable so you can find any passage using keywords. This is one of the only fully searchable online copies of the law, and if you have ever tried to find something in the GDPR law itself, you will have a better appreciation for this.

The site also contains detailed guides on specific topics, such as how to comply with the “right to be forgotten(new window),” what is a Data Protection Officer(new window)(and who needs one), and how GDPR fines(new window) are determined.

Finally, we have also published examples of a number of GDPR forms that are essential for businesses to comply with the GDPR. Some of the sample forms available for download include a GDPR-compliant privacy notice(new window), a sample GDPR Data Processing Agreement(new window), and a sample GDPR right to erasure request form(new window). Unlike other samples you might find online, these are actually used in business and have been vetted.

Going forward, we will continue to update the site with more guides, as well as news and analysis(new window) as EU regulators begin to interpret and enforce the law. We will also conduct original research to make sure we’re answering questions about the GDPR that you actually want answered, while gaining deeper insight into GDPR compliance.

Why is Proton Mail working on

As the world’s largest encrypted email service with millions of customers worldwide, complying with the GDPR(new window) was essential for us, given that nearly 40% of our customers come from the EU. Even as a Swiss company, we are not exempt from compliance (in fact, nobody is exempt(new window) if you have EU customers). For this reason, over the course of 2018, we expended significant effort ensuring that Proton Mail and Proton VPN would be fully compliant with the GDPR. is the culmination of the lessons we learned during our own GDPR compliance process. We want the research we have done to not only be a resource for ourselves but a resource for the whole world, so we can collectively move toward a more private and secure Internet.

This is also fitting considering that in 2018, Proton AG was co-funded by the Horizon 2020 Framework Programme of the European Union, which was created to stimulate entrepreneurial research and innovation. One important area of focus is cybersecurity and privacy, and we believe the GDPR and similar regulations are an essential step toward creating a safer Internet.

The project is part of our mission to raise awareness about data security and expand the use of cryptographic tools. Whether it is working with journalists(new window), educating the public(new window), or partnering with civil society organizations(new window), a more secure and private Internet is only possible by combining technology development with educational initiatives.

Businesses—and especially small businesses—have always been particularly vulnerable to information security challenges and stand the most to gain by implementing data protection standards required under the GDPR, such as encryption. We believe data protection principles should be easy to implement and should not come at the cost of business growth. It’s our mission with to help business leaders find such solutions.

Please feel free to share your feedback with us at or on our social media pages below:

You can get a free secure email account from Proton Mail.

We also provide a free VPN service(new window) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan. Thank you for your support!

Protect your privacy with Proton
Create a free account

Share this page

Ben Wolford(new window)

Ben Wolford is a writer and editor whose work has appeared in major newspapers and magazines around the world. Ben joined Proton in 2018 to help to explain technical concepts in privacy and make Proton products easy to use.

Related articles

What was your first pet’s name? In what city were you born?  We’ve all had to answer these questions to reset a long-forgotten password, but consider how that works. Much of this information is easy to find for others (or easily forgotten by you), m
In the early days when Proton started, we often received a question along the lines of “I love the product and what Proton stands for, but how do I know you will still be around to protect my data 10 years from now?”  Ten years and 100 million accou
Credential stuffing is a popular type of cyberattack where attackers take login credentials and use them on thousands of websites, hoping to fraudulently gain access to people’s accounts. It’s an effective attack, but fortunately, one that’s easy to
With Skiff abruptly shutting down operations, many people are on the lookout for alternatives that don’t compromise on privacy — and won’t suddenly disappear. People were attracted to Skiff because it promised privacy, no ads, end-to-end encryption,
Skiff is dead. On Feb. 9, the email company Skiff announced it was being bought by Notion. Many Skiff customers have been shocked by this news, as their inboxes have been sold out from under them. Skiff gave people six months to export their data be
Looking into the Dropbox privacy policy
Dropbox was the first mainstream cloud storage provider, and still the biggest player on the market, with 700 million users in 2022. We took a dive into Dropbox’s privacy policy to see how well the company protects the personal data of those millions