The GDPR (General Data Protection Regulation) is a new EU Regulation that will replace the 1995 EU Data Protection Directive (DPD), significantly enhancing the protection of the personal data of EU citizens and increasing the obligations on organizations that collect or process personal data. It will come into force on 25th May 2018.
The full text of the GDPR can be found here.
While the current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider: it will also apply to non-EU businesses that a) market their products to people in the EU or b) monitor the behavior of people in the EU. In other words, even if you’re based outside of the EU but you control or process the data of EU citizens, the GDPR will apply to you.
Strong data protection commitments are a key part of GDPR’s requirements. Our updated data processing agreement shares our privacy commitments and sets out the terms for Drift and our customers to meet GDPR requirements. This is available for customers to sign upon request.
The EU-US Privacy Shield is a framework negotiated and agreed by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.
To comply with EU data protection laws around international data transfer, we self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield framework.
We’ve reviewed our vendors, finding out about their GDPR plans and arranging GDPR-ready data processing agreements with them. We have data processing agreements in place with all subprocessors that will be handling your customers’ personal data.
Security is a priority for us and we have a dedicated security team. We have appointed a Data Protection Officer, whose job is to ensure that your and your customers’ personal data is kept safe. We have regular external vulnerability scans and penetration tests. We are Privacy Shield certified and our SOC 2 Type 2 is in progress.
We’ll keep sharing information on our progress, and we’ll also help our customers and prospective customers be compliant. Some steps you can take are:
Feel free to reach out to us if you have any questions about the GDPR – we’d be happy to chat about it.