Our commitment on the upcoming EU Data Regulation.
At ClientSuccess, we’ve been working hard to prepare for EU General Data Protection Regulation (GDPR), to ensure that we fulfill its obligations and maintain our transparency about customer messaging and how we use data. Here’s an overview of GDPR, and how we’re preparing for it at ClientSuccess:
What exactly is GDPR?
The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection law that came into effect on May 25, 2018. It replaced existing EU Data Protection law to strengthen the protection of “personal data” and the rights of the individual. It is a single set of rules which govern the processing and monitoring of EU data.
Some other main themes of the new regulations include data transparency, increased scope of responsibility for those who process personal information, and consent to collect and process personal information. GDPR empowers its residents to better understand who is processing their data, why their information is being processed, and the ability to have their information deleted from specified sources. Failure to comply can be met with very steep fines.
In a nutshell, if your company (or your company’s employees) email EU residents or companies, these regulations may apply to you.
Does it affect me?
Yes, most likely. If you hold or process the data of an any person in the EU, the GDPR will apply to you, whether you’re based in the EU or not.
How GDPR Applies to ClientSuccess
Part of the GDPR is increased scope of responsibility. Companies who process data (like ClientSuccess) are jointly responsible for following the new regulations’ practices. This is why ClientSuccess is taking a proactive approach to help educate and prepare for the new changes.
Under GDPR, there are two different entities – data controllers and data processors. Data controllers own and control what information is being collected, and why the data is being processed. Processors are responsible for exercising control of the data they process and the security of that data.
In the case of ClientSuccess’ services, ClientSuccess acts as the data processor and our customers act as the data controllers.
ClientSuccess and GDPR?
ClientSuccess is compliant with the GDPR. Our team worked with customers to answer their questions and to help them prepare for using ClientSuccess’ services. Additionally, our team reviewed and refined our current practices, procedures and policies to ensure we support our customers with their GDPR compliance requirements.
ClientSuccess also appointed a Data Protection Office (DPO), which is a requirement for both controllers and processors. The DPO is responsible for being the main point of contact for data privacy needs, and for ensuring that his/her company is following best practices. Feel free to reach our DPO by emailing firstname.lastname@example.org.
A large part of GDPR is documenting what data is being processed and why. Data Processing Agreements (DPAs) outline and set expectations between ClientSuccess and its customers when it comes to processing data. This allows for transparency and, as a data sub-processor under the new GDPR, ClientSuccess is willing to sign DPAs with our customers. Every industry has a different set of regulations and ClientSuccess will ensure we align to those requirements.
Why is this important to you?
One of the biggest changes under GDPR is joint responsibility for data processing and privacy. Companies are now responsible for the data they send to their third party vendors, and what the vendors do with that information. ClientSuccess is working hard to be GDPR compliant and transparent to ensure you have one less thing to worry about with the sweeping privacy changes outlined by GDPR. As new regulations continue to evolve, ClientSuccess will be ready for them!