GDPR compliance and EU hosting, included by default
Webinars process personal data, names, email addresses, viewing behaviour.
For many organisations the question isn't whether the platform is secure, but
where the data is stored and who has access to it. At OnlineWebinar, the answer
is built in, not bolted on afterwards.
Your data stays in Europe. Full stop.
OnlineWebinar's entire infrastructure runs within the European Union, with a
significant part in the Netherlands. This applies not only to the application,
but to the whole chain, including the streaming infrastructure, provided by
Vindral, which is also EU-based.
For many corporate and public-sector organisations this is not a preference but
a hard requirement. Your attendees' personal data does not leave the EU, and you
don't have to navigate the additional obligations that come with transferring
data to countries outside the European Economic Area. No US servers, no detour,
no fine print.
A dedicated environment means data isolation
Every OnlineWebinar client gets a dedicated environment, not shared
infrastructure where the data of hundreds of organisations sits side by side.
From a security perspective this is a meaningful difference: your attendee data
lives in an environment configured for your organisation, not in a shared
database.
For your own security or privacy team, that's an easier story to approve. Data
isolation is an argument they recognise, and it significantly simplifies the
internal sign-off on a new platform. It's compliance that comes from the
architecture, not from a setting you have to switch on.
Data processing agreement and ownership of your data
Under the GDPR, your organisation is the data controller for your attendees'
data, and OnlineWebinar is the data processor. We set out that relationship in a
data processing agreement (DPA), available on request, which your security or
legal team can review in advance.
Your data also stays yours. Attendee details, registrations and analytics are
your property you can export them, and you are not locked into the platform
through a vendor lock-in on your own data. If you decide to leave, you take your
data with you.
On the path to ISO 27001 certification
OnlineWebinar is currently working towards ISO 27001 certification, with
completion expected by the end of 2026. ISO 27001 is the international standard
for information security: it sets requirements for how an organisation
identifies, manages and continuously improves the way it handles data risks.
We communicate this deliberately as an ongoing process, not a completed
certification. Full documentation of our security measures and the data
processing agreement are available on request for review by your own team.
What this means for your organisation
In practice: you can put a new webinar platform through your own privacy and
security review without the answers letting you down. EU hosting is handled, the
data sits in a dedicated environment, there's a data processing agreement, and
you retain ownership of your data. For organisations where IT and compliance have
a say in the purchase, that removes the biggest obstacles up front.
- 100% EU hosting, largely in the Netherlands (incl. Vindral streaming)
- Dedicated environment per client, data isolation
- Data processing agreement on request
- Ownership and export of your own data
- ISO 27001 in progress, completion expected end of 2026
Ready to put it in front of your own team?
Request the data processing agreement and our security documentation, or book a
demo where we walk through the technical and legal side together — with your IT
or compliance colleagues at the table too.