Improve data privacy and GDPR compliance for your organization


What is GDPR? Key Facts

The EU's General Data Protection Regulation (GDPR) intends to standardize data protection legislation across the European Union (EU) and update current data protection laws.

Ed Brown of Malwarebytes Legal explains the basics of GDPR.


GDPR applies to the European Economic Area (European Union states, as well as Iceland, Liechtenstein and Norway).

This impacts every entity that holds or uses European personal data both inside and outside of Europe.1


GDPR is based on the principle of good data governance. To achieve data privacy, organizations require ‘privacy by design’, ‘privacy by default’, and ‘accountability’.

Without undue delay and, where feasible, not later than 72 hours after having become aware of it.2


The law imposes stricter fines on companies mismanaging personal data or failing to appropriately protect it.

Any person who has suffered material or immaterial damage as a result of an infringement of the regulation shall have the right to receive compensation from the controller or processor for the damage suffered.3


GDPR mandates that organizations, including large enterprises, small and medium businesses (SMBs), and even sole proprietors, reassess their data processing controls and implement a plan to achieve compliance.

GDPR took effect on May 25th, 2018.
You can

Complying with GDPR

GDPR compliance involves many stakeholders across the organization. A new role imposed by GDPR, the Data Protection Officer (DPO), is required to work closely with all stakeholders. No single technology or process will deliver compliance across the three regulation pillars – legal and compliance, technology, and data. Learn more about how to prepare for GDPR and better protect your organization’s data.

Check out our Quick Start Guide

GDPR Blogs

GDPR causes a flood of new policies

Let’s take a look at how different companies are coping with GDPR changes.

Make way for the GDPR: Is your business ready?

What to do to prepare for GDPR's approach.

How to build an incident response program: GDPR guidelines

Incident response plans are now required by GDPR.

Building an incident response program: creating the framework

Steps to create your company's incident response program.

Frequently Asked Questions

This FAQ includes common questions you may have about GDPR. These questions tackle the inquiries we frequently receive about GDPR and our Privacy Policy. For more information about our data processing, we encourage you to read the full Privacy Policy for additional details.

The GDPR is a regulation intended to standardize data protection legislation across the European Union (EU) and update current data protection laws. GDPR is based on the principle of good data governance. To achieve data privacy, organizations require 'privacy by design', 'privacy by default', and 'accountability'. GDPR took effect on May 25th, 2018 and as a result, organizations, including Malwarebytes, have reassessed their data processing controls and implemented a plan to achieve compliance.

We will update our Privacy Policy as necessary to ensure that our policies are in line with international regulations and with our product and business practices.

We may collect your information: (1) when you license and use our software ("Software Collection"); (2) when you interact with certain portions of our website, such as our forums, blogs, and support center ("Website Collection"); and (3) when you communicate with us by email, chat, or otherwise ("Dialogue Collection"). More information about what is included in Software, Website and Dialogue Collection can be found in detail in their corresponding Sections of our Privacy Policy.

Our primary purpose in collecting your data is to be able to equip you with effective products and services that provide a more agile, dynamic response to new and unknown threats. We also use the data to communicate with you by informing you about your account, new products or services available, providing access to content such as whitepapers and webinars, as well as in fulfilling requests such as providing customer support services.


Yes, you may opt out of submitting certain types of personal information to Malwarebytes, which may include usage and threat statistics. You may find information about the opt-out process in the “Choice” section of our Privacy Policy.

You may access, modify or delete (subject to applicable law) the personal information associated with your use of our services at any time by updating your “My Account” information by navigating to, signing into your account and updating your personal information. Alternatively, you may contact us at

We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements. Because these needs can vary for different data types in the context of different products or services, actual retention periods can vary significantly.

We take commercially reasonable measures to protect personal information from unauthorized access, use, and disclosure. However, no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we can't guarantee the absolute security of your personal information, but we do what we reasonably can to protect it.

Yes, Malwarebytes and its partners collect information through "cookies" and other similar tracking technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. Cookies are text files saved by your browser when you log into our software or services. We may use both session cookies and persistent cookies to identify that you have logged in, to tell us how and when you interact with our software or services, and to check aggregate usage and web traffic. Unlike persistent cookies, session cookies are deleted when you log off and close your browser. If you prefer, you can always change your browser options to stop accepting cookies or to prompt you before accepting cookies. However, if you do not accept cookies you may not be able to access the entirety of our software and services.

Our services are not directed to children under eighteen, and we do not knowingly collect personal information from children under thirteen. If we learn that we have collected personal information of a child under thirteen we will delete such information from our files as soon as possible, provided, however, that some information may remain in archived/backup copies for our records or as otherwise required by law.

As of May 25, 2018, our Malwarebytes Software User License Agreement includes processing terms that address the GDPR's contract requirements and therefore you will not need to put in place a separate data processing addendum.

If you have any questions please send us an email to
