Does anyone know how Wave is dealing with GDPR?

InnopsisInnopsis Member Posts: 1

As 25th May looms closer, I need to get my GDPR information into line.

Does anyone know how Wave is dating with GDPR?

As you may know, if you deal with any personal data concerning someone in the EU (customer, supplier or anyone), GDPR applies. Breaches of GDPR mean a fine of 4% of your global turnover for the first offence, where you are based.

If I have to move my accounts to a UK based cloud provider, I'd like to know sooner rather than later.



  • AlexiaAlexia Administrator Posts: 3,315 admin

    Hi @Innopsis.

    This has been a lot of talk about the GDPR recently, especially with the deadline quickly approaching. We, unfortunately, cannot give advice on compliance with any laws.

    That being said, here's where Wave stands on the topic. Wave is a Canadian company and to date, Canadian privacy law (PIPEDA) has been deemed adequate by the EU, so there's no need for any Privacy Shield-like framework.
    We have not been audited against the EU privacy standards, but are compliant with Canadian laws.

    I hope this satisfies your question. If you have any further questions, please direct them to [email protected]

  • 20Brandysnap1820Brandysnap18 Member Posts: 1

    I assume from that answer that Wave has not given any consideration to GDPR?
    That is going to be a problem for businesses in the EU who use services outside EU who have to meet the GDPR regulations and part of that would be assuring customers their data is safe under the terms of GDPR.

  • AlexiaAlexia Administrator Posts: 3,315 admin

    Hi @20Brandysnap18, if you have worries concerning the GDPR, I would recommend sending them by e-mail to [email protected], or speaking with your lawyer.

    While I do empathize with the stress some of our European users are feeling over the implementation of the GDPR, I cannot give advice on compliance with any laws.

  • S2HS2H Member Posts: 1

    Unfortunately, unless Wave can guarantee that they are GDPR compliant, then we must assume that they are not - as the implications of falling foul of GDPR are now too onerous.
    Unfortunately for me, as a small business, this means that I am going to have to take the very reluctant step of no longer using Wave for my invoicing after 25th May - and I suspect that every single European user is going to be in exactly the same position, unless Wave can categorically confirm GDPR compliance (which I suspect they cannot).

    Interestingly, Stripe are working towards being GDPR compliant for 25th May.
    More information can be found here:

    I would strongly urge Wave to consider Stripe's example - or you will lose all of your European customers.

  • PatabugenPatabugen Member Posts: 6

    Another EU Wave customer chiming in, Wave currently does not give me the tools I need to manage my customers data easily enough to comply with GDPR at the same time. From the replies above it sounds like Wave are focusing on Canadian customers and their requirements, so I'll have to look around for a more EU focused company.

    @S2H my understanding is that we can store our data outside the EU (as per the cross-border data transfers bit) as long as the EU is happy enough with their rules (which I imagine they are for Canada). Having tools to help us find old customers (whos data we no longer need) or even better to let customers click a link to change/remove their own details would be great. Mailchimp is a fantastic example of this.

    So we could continue to use Wave, but if they're not supporting us to be compliant it's going to create extra work and we may be better off with a company more aimed at our market.

  • AlexiaAlexia Administrator Posts: 3,315 admin

    Hi, @S2H and @Patabugen.

    I don't have more information to share than what was posted above at this time. That being said, I do recommend you direct your questions to [email protected] Our privacy team will be the best equipped to answer you at this moment.

  • samtsamt Member Posts: 4

    We really need something from Wave regarding GDPR, otherwise we will have to leave.

  • AlexiaAlexia Administrator Posts: 3,315 admin

    Hi, @samt.

    As mentioned in my previous reply, I don't have more information to give at this time. I do encourage you to contact [email protected] with any of your questions.

  • tingalitingali Member Posts: 3

    Anything on this yet?

  • AlexiaAlexia Administrator Posts: 3,315 admin

    Hi, @tingali.

    I still don't have more information to give, but you might get more information by talking directly to our privacy team by reaching out to [email protected]

  • GeertGeert Member Posts: 5

    I am following too. Also contacted [email protected]

  • AlexiaAlexia Administrator Posts: 3,315 admin

    Hi everyone!

    We have just published a page on our Privacy terms about the GDPR. You can find it here.

  • VoxVox Member Posts: 4

    We are glad to see Wave coming into line with EU legislation and GDPR. It is vital that business as well as customer/client are both protected when doing business online. I also assume Stripe is working to meet the EU standards too.

    However, your statement on the subject does not specify categorically that you have met with 'full' compliance. Are we to assume, this is work in progress, and if so, when will the final full compliance with GDPR be announced?

  • samtsamt Member Posts: 4

    It does say at the end: "We are working to meet GDPR requirements, and will keep you informed as we implement additional functionality to support your privacy rights." So hopefully they will be fully compliant soon.

  • VoxVox Member Posts: 4

    @ samt: I can read the statement too. As an SME based in Central Europe, we have already met full compliance. I suppose it is right to assume European firms would take the lead on this directive.

    I am hoping Wave will not be far behind, but if need be, Wave would have to provide information about where their servers are held, where all mirror servers (if any) are based, and what level of security is being employed to prevent any form of breach. These are pertinent as clients financial information is stored on their servers. As for financial information in general being held by businesses, (such as you and I) having read the full directive myself, client information regarding financial transactions may be kept for as long as you deem necessary for relevant authorities, such as Revenue and Customs, etc, (this is required by statute in most countries) but this can be made clear in your privacy policy statement. Templates (which can be up to 27 pages long) are available for download, and you can modify these to your own specifics, delete what is not appropriate, once you have the document approved. Let's meet it all together for the sake of EVERYONE!

  • AlexiaAlexia Administrator Posts: 3,315 admin

    Hi, @samt and @Vox.

    We’re are always striving to advance our privacy and security measures. We have taken steps to identify areas of improvement and are working towards full support of GDPR. Though we can’t yet say with certainty when we will fully support GDPR, we will share that information with our customers when it’s available.

  • samtsamt Member Posts: 4

    @ Vox: I am very sorry, I was only trying to help in case you missed it. I am also just someone very keen to stay with Wave and to have everything in place that we need.

  • tingalitingali Member Posts: 3

    Yeah, GDPR compliance is a must by 25th May, otherwise businesses will be leaving Wave....

  • CasandraCasandra Member Posts: 1

    Ok. Soooo, I guess we all need to move to a new platform. But now I still have a question about what we do with the old data? Do we need to delete everything from wave? Or since it was entered before May 25, is it ok?

    @samt? @Vox? Any clues?

  • samtsamt Member Posts: 4

    No idea?

  • VoxVox Member Posts: 4

    Well, I would not jump ship yet. Wave is a good product, and we have Alexia here confirming wheels are in motion, but of course that's not a legally binding statement. However, I have on good authority, it will be a while before full implementation, (some EU members are still appointing regulators). Here in Italy, the business news tells me firms are still finding feet, many in the UK, still have no policy drafted. Let's not also forget, the GDPR are here to protect you and me. I for one, get fed up with hearing of massive security breaches from online sites, and 'your data is possibly compromised'. This ruling aims, (in the longer term) to help to prevent that, and for you to be in the driving seat, not the company holding your info. Sadly, it will not stop rogue mails, or general pests from illegal servers based outside the EU, but why would you want to trust your details with them in the first place? What you have seen recently in the US press about some sites having to close down, is simply operators who have no privacy in place. In summary, SME's (small firms), don't be worried, large firms who are on aggressive marketing attacks to the EU, be very, very cautious. Everyone should make sure passwords are as strong as possible, if you are keeping other people's data on servers. Watch and wait, and keep checking back every 2 weeks. I am sure Alexia at Wave will be reporting back to the management team, or what she should be doing under the new rules EU 2016/679 the company's appointed 'data protection officer'.

  • VoxVox Member Posts: 4

    @ everyone. This is a link straight to the horses mouth. Some helpful factsheets are here (very easy to read) and of course, the full regulation.

  • AlexiaAlexia Administrator Posts: 3,315 admin

    Hi, @Vox.

    I just want to clarify that I'm only speaking based on information provided to me by our security, privacy, and communications teams. I don't have any formal authority on this matter, I'm only acting here as a support agent. Rest assured, however, that your concerns are being forwarded to the appropriate team.

    With that said, I absolutely do intend to keep Wavers on the community informed of any development on GDPR compliance.

    edited May 26, 2018
  • drkouladrkoula Member Posts: 1

    Have you made any progress on becoming GDPR compliant please?

  • CharlotteCharlotte Member Posts: 695 admin

    @drkoula our GDPR page is up to date with the latest information available to our team. We are always striving to advance our privacy and security measures. We have taken steps to identify areas of improvement and are working towards full support of GDPR. Though we can’t yet say with certainty when we will fully support GDPR. When we have updates, this page will be updated and we'll report back here as well.

  • tingalitingali Member Posts: 3

    **What is the GDPR status now? **

  • AlexiaAlexia Administrator Posts: 3,315 admin

    Hi, @tingali.

    We'll be keeping the page linked in Charlotte's last reply updated as we update our own systems to comply. Keeping an eye on it is the best way to stay up to date with our GDPR compliance.

  • EmmaEmma Member Posts: 1

    Hi Everyone! GDPR is now alive and working well, which leaves me in a quandary about Wave. I love Wave and would be delighted to know if the privacy policies are Fully GDPR compliant. I checked the link @Charlotte posted back in May, but I can't see if anything has changed since then. I would be very grateful if there has been any update now that any ambiguity has been quashed, Thanks in advance

  • JamieDJamieD Administrator Posts: 1,091 admin

    Hey @Emma! As of right now, we still do not have any updates as when our system will be in full support of GDPR. The updates for this will land on the page that Charlotte has shared with everyone -- we appreciate your understanding and patience on this.

  • JC19JC19 Member Posts: 1

    I've just discovered this thread and am a little concerned now as there doesn't seem to have been any update on the GDPR statement from Wave for over a year. As a UK-based business I wonder now whether I should even be using Wave at all?? Is there any progress on GDPR-compliance from Wave?
    Thanks, Jo

Sign In or Register to comment.