Forrester logo Download the report

General Data Protection Regulation (GDPR)

The European Union’s General Data Protection Regulation (GDPR) is widely recognized by privacy professionals as the most significant privacy legislation in more than two decades — perhaps ever.

What is GDPR?

With the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), the European Parliament, the Council and the European Commission intend to strengthen and unify data protection and privacy for individuals within the European Union (EU). When the law takes effect in May 2018, it will trigger significant changes to how global brands approach online marketing, data protection and privacy policies.

It’s important to note that the new legislation also addresses the export of personal data outside the EU — effectively extending its application to any business with even a single customer in Europe.

  • Date Enforcement Begins: May 25, 2018
  • Fines: Up to €20,000,000 or 4% of total annual global turnover, whichever is greater, for the most serious infringements
  • Liability: Individuals whose privacy has been infringed upon can easily bring private claims against data controllers, and data subjects who have suffered non-material damage as a result of an infringement to sue for compensation
  • Changes: New elements and significant enhancements over current Data Protection Acts 1988 and 2003 (the Acts) requiring detailed consideration by all organizations involved in processing personal data

T-Minus 365 Days to GDPR. Are you ready?

You have


to be fully compliant

If not, Gigya can help with a GDPR Readiness Toolkit that enables global businesses to begin preparing now. The kit was developed by customer identity experts, with resources designed specifically to help businesses prepare to meet GDPR compliance for their customer identity and access management (CIAM) solutions by the May 25th, 2018 deadline.

GDPR Readiness Toolkit for Customer Identity & Access Management

  • Survey Guide – The 2017 State of Consumer Privacy and Trust: Compelling statistics and trends around customers’ opinions regarding data privacy and trust in their online experiences.
  • CIAM Guide to Addressing GDPR Requirements: A practical guide to help businesses understand how Gigya’s Customer Identity Management platform helps clients prepare to meet GDPR compliance and other global data privacy regulations for their CIAM implementations.
  • Data Sheet – Gigya Privacy by Design Program: An overview of the Gigya Privacy by Design Program, describing the consultative approach the GigyaWorks Global Services team takes when helping businesses prepare to address GDPR requirements for their CIAM implementations.
  • GDPR Technical Self-Assessment for CIAM: A self-service tool for evaluating businesses’ customer identity management practices to help determine the gaps and remediation needed to meet GDPR compliance.
  • GDPR Compliance Matrix: A list of Gigya Customer Identity Management platform features that help clients prepare to meet the most complex requirements of the GDPR for their customer identity management solutions.

Gigya and GDPR: Helping manage your customers’ data to keep you in compliance

As the leader in Customer Identity Management, Gigya has implemented systems and programs to achieve compliance as a data processor and to help our clients meet the challenges of the GDPR, including:

  • A formal Information Security Management System (“InfoSec System”). This comprehensive set of written policies, procedures and practices is designed to ensure security for our clients’ data and confidential information and to effectively assess, manage, and respond to information security risks. Gigya is ISO 27001 and ISO 27018:2014 certified, and uses only SSAE-16 certified data centers to host its platform. Controls implemented as part of this InfoSec System include asset management, access management, change management, software development lifecycle management and vendor security screening. Download our data sheet to learn more about our industry-leading security and data privacy practices.
  • Privacy by design processes. Our product and product marketing teams work closely with our Chief Information Security Officer to address privacy and security concerns when determining product feature requirements.
  • A robust corporate privacy program. This includes operational procedures and privacy training and awareness building for employees.

Learn more about how Gigya approaches data security and privacy in our Trust pages.

The Gigya Privacy by Design Program, Delivered by GigyaWorks Global Services

Tackling GDPR Head On with Gigya's Privacy by Design Program - Data SheetThe Gigya Privacy by Design Program is a customized-per-client engagement between clients and the GigyaWorks Global Services team. The goal of the program is to help businesses prepare to meet the requirements of the GDPR and other regional privacy regulations for their customer identity and access management (CIAM) implementations. Download our data sheet to learn how, in five steps, we help businesses build CIAM strategies and solutions based on privacy by design.

Download the data sheet

Meet us at

Rogers Cup
Toronto, Canada

August 5-13, 2017
View Event >