
GDPR Compliant: Why Your Data Deserves Better Than a Checkbox.

May 22, 2026

If you've spent any time evaluating construction software, you've probably seen the phrase "GDPR compliant" more times than you can count. It appears on websites, in sales decks, in email footers. But here's the question nobody seems to be asking: what does it actually mean in practice?

Because compliance isn't a single thing. It's not a badge you apply for once and forget about. And when it comes to your data, your workforce information, your site activity and your subcontractor details, the work behind the claim matters the most.

GDPR Compliance Isn't One Size Fits All

The General Data Protection Regulation sets out a framework for how personal data should be collected, stored, and protected. But this is where things get interesting.

For a software platform handling sensitive site data, genuine compliance means having the right policies, procedures, and technical controls in place and being able to prove it. That's where certifications come in.

The gold standard is ISO 27001, an internationally recognised certification for information security management. To achieve it, organisations need to demonstrate robust controls across everything from data retention and access management to backup procedures and incident response. It's independently audited. You can't self-certify. And you have to maintain it.

There's also Cyber Essentials Plus, a UK government-backed certification that validates an organisation's defences against the most common cyber threats, again, independently verified.

These aren't marketing claims. They're evidence.

How innDex Builds Data Protection into Everything

At innDex, we don't treat data protection as a compliance exercise. It's something we've built into our platform, our infrastructure, and our processes from the ground up. Here's what that looks like in practice.

Certification

innDex holds both ISO 27001 and Cyber Essentials Plus, the two key industry-standard certifications for data security and GDPR compliance. We were among the first in the construction technology space to achieve ISO 27001, and we maintain it because the standards it demands are the standards we want to be held to.

What does ISO 27001 require of us? Things like documented data retention policies, regular backup and restore testing, access control procedures, and ongoing risk assessments. Not because an auditor asks for them once, but because they're part of how we operate day to day.

Product Security

Compliance isn't just about paperwork. It's about what happens inside the product itself.

innDex supports Single Sign-On (SSO) via Microsoft and Okta, as well as Multi-Factor Authentication (MFA), so your team can access the platform securely without compromising on convenience.

We also have a tiered role-based access control system, which means you can be precise about who sees what. Not everyone on site needs access to the same level of information. With innDex, you can set different access levels for different roles, and control who has the authority to grant or restrict access at both a project and company level. Sensitive data stays with the people who need it, and only those people.

Data Hosting

For customers using innDex, data is hosted on Amazon Web Services (AWS), the same infrastructure trusted by governments, financial institutions, and some of the most security-conscious organisations in the world.

We chose AWS deliberately. In terms of reliability, performance, and security, it sets the bar. Data is stored and any transfer of data is handled in a fully GDPR-compliant way. When you store your data with innDex, you're not just trusting us, you're benefiting from the world-class infrastructure we've built on top of.

Compliance Is a Commitment, not a Certificate

Here's the thing about ISO 27001: earning it is only the beginning. Maintaining it means continuously reviewing your controls, updating your policies, and being ready to evidence everything you say you do. It's a living standard, not a one-time achievement.

That's the approach we take at innDex. Not because we have to, but because the companies trusting us with their data deserve nothing less.

So next time you see "GDPR compliant" on a website, it's worth asking: what's actually behind it? For us, the answer is two independent certifications, a product built around security, and infrastructure that doesn't cut corners.

That's what we mean when we say we take your data seriously.

Want to find out more about innDex's security credentials? Speak with us now.
