Is Webflow really GDPR compliant?

I’ve been reading different posts about the GDPR and Webflow and it seems that WF is still not GDPR compliant.

  • Webflow sites are hosted in the US (a big no-go for many European clients, who want/need to host in the EU to comply with the GDPR).
    I am wondering about other aspects (cookies, collecting other private data etc).

For me it’s a huge no-go…

Theoretically, I could export the code and host it somewhere else, but it won’t work for many clients. Most people would prefer to use WordPress, since they can edit their website without asking the developer. It’s impossible with WF. And the forms won’t work with exported sites…

Anyone designing with Webflow for clients in Europe? What’s your experience? How are you dealing with the GDPR?

Hey Josef,

I’m based in the UK. I recently built a site for a property lawyer, and they are quite happy that the site is GDPR compliant. It was checked by their governing body too (bigger lawyers). I’m quite happy that Webflow is GDPR compliant for clients and so are they.

Obviously it’s down to your own due diligence and preference. If you think you would be providing your clients with a non-GDPR compliant site then of course you wouldn’t proceed, and it’s definitely worth letting the team know where you think it falls short; they’re always open to feedback.

However, this is an official source for GDPR and I would avoid reading topics posted by “experts” whose main aim is to scaremonger consumers into taking unnecessary steps that make them money.

I would be genuinely interested to know your source for not hosting on a US-based server and what big companies it’s a no-no for and why.

2 Likes

Hey, thanks for the feedback.
The EU-US Privacy Shield will most probably be revoked: https://www.siliconrepublic.com/enterprise/privacy-shield-analysis
So it is not really GDPR compliant. We simply need an option to host in the EU to avoid possible problems in the future. It would be much BETTER if we could choose where to host. That would settle it.
Some clients simply prefer to host everything in the EU regardless of the GDPR.

On the “preparing for the GDPR” page it’s written that Webflow was planning to: “audit all our vendors that store or process personal data to ensure they’re on track with preparing for the GDPR”
Any updates on it? I guess Webflow is using Fastly. Another data processor. Other vendors?

Webflow also automatically scales, compresses, and optimises images for every device. It’s data processing. Perhaps a third party service is being used here too (Imgix?).

I would like to see more updates on Webflow’s compliance with the GDPR.

Hi Josef,

I fully understand your wish to have an EU hosting with Webflow, but concerning GDPR it is not a must. As a data processor of your clients, you having a DPA with your clients, and Webflow as a data processor with subprocessors, should be enough. Webflow offered this starting from May 23 this year, when you should have got an email with the links to several privacy pages, like this one with the subprocessors: Subprocessors | Webflow

And you could sign the DPA here: Webflow Data Protection Agreement Request

In agreement with the data officers of my clients in Germany, this has worked fine so far, also with other services with servers in the US.

We’ve been doing websites since 1997 with freelance coders and could not be happier about the independence and flexibility we got with Webflow. Convincing clients to get a website with Webflow was never a question of GDPR, so far. Hope you will find a way to convince them also. For bigger projects, we still use Typo3, but I hope this will be history someday.

3 Likes

Pupinko, thank you for the links. I am wondering why there is no way to host in the EU. It seems Webflow is using AWS, which has the option to host in Europe.

What’s your experience convincing clients to host with Webflow?

There are several arguments for and maybe some against Webflow and you can find a ton of it here in the forum.

From my point of view, I think the main points are:

  • Technical maintenance is not really necessary

  • Adjustments are possible quickly and for a good price

  • The CMS is very easy to use

  • The Webflow team has a very transparent philosophy and is focussing on stability and reliability, while it is developing at a top level

  • The community is very helpful and constantly growing

4 Likes

Thank you! Hopefully we will be able to host in Europe soon. It would make it much easier to convince clients to host with Webflow.

Hey [pupinko],

Can you please elaborate a bit more on DPAs? Why do I need to sign it with my clients?
It seems you know the GDPR regulations quite well. Could I contact you somehow to discuss the topic of Webflow and the GDPR a bit more?
Thanks!

In short, you need DPAs, first of all with your suppliers/data-partners (like Webflow), so everyone working with you knows exactly who is processing/transferring your data. This goes for every digital (online) platform you use in your entire business and workflow (mail, CRM, to-do apps, accounting software, etc.).

DPAs with your clients can be extra specific, and it could be possible you’re using different kinds of data processors for different clients. Signing a DPA with your clients can be (extra) helpful to clarify, for that specific client, what is used, by whom and optionally even where, how and when.