What is GDPR?
With the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), the European Parliament, the Council and the European Commission intend to strengthen and unify data protection and privacy for individuals within the European Union (EU). When the law takes effect in May 2018, it will trigger significant changes to how global brands approach online marketing, data protection and privacy policies.
It’s important to note that the new legislation also addresses the export of personal data outside the EU — effectively extending its application to any business with even a single customer in Europe.
Don’t wait. Let Gigya show you how to easily address and manage compliance settings for your customers.
What are key elements to consider?
- Date Enforcement Begins: May 25, 2018
- Fines: The GDPR gives data protection authorities more robust powers to tackle non-compliance, including significant administrative fining capabilities of up to €20,000,000 or 4% of total annual global turnover, whichever is greater, for the most serious infringements
- Liability: The GDPR also makes it considerably easier for individuals to bring private claims against data controllers when their data privacy has been infringed, and allows data subjects who have suffered non-material damage as a result of an infringement to sue for compensation
- Changes: The GDPR introduces new elements and significant enhancements over the current Data Protection Acts 1988 and 2003 (the Acts), which will require detailed consideration by all organizations involved in processing personal data
Gigya and GDPR: Helping manage your customers’ data to keep you in compliance
As the leader in Customer Identity Management, Gigya has implemented systems and programs to achieve compliance as a data processor and to help our clients meet the challenges of the GDPR, including:
- A formal Information Security Management System (“InfoSec System”). This comprehensive set of written policies, procedures and practices is designed to ensure security for our clients’ data and confidential information and to effectively assess, manage, and respond to information security risks. Gigya is ISO 27001 and ISO 27018:2014 certified, and uses only SSAE-16 certified data centers to host its platform. Controls implemented as part of this InfoSec System include asset management, access management, change management, software development lifecycle management and vendor security screening. Download our data sheet to learn more about our industry-leading security and data privacy practices.
- Privacy by design processes. Our product and product marketing teams work closely with our Chief Information Security Officer to address privacy and security concerns when determining product feature requirements.
- A robust corporate privacy program. This includes operational procedures and privacy training and awareness building for employees.
Learn more about how Gigya approaches data security and privacy in our Trust pages.