Our commitment on the EU Data Regulation.
At ClientSuccess, we’ve prepared for EU General Data Protection Regulation (GDPR) to ensure that we fulfill its obligations and maintain our transparency about customer messaging and how we use data.
Here’s an overview of GDPR, and how we’ve prepared for it at ClientSuccess:
What exactly is GDPR?
The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection
law that went into effect on May 25, 2018. It replaced existing EU Data Protection law to
strengthen the protection of “personal data” and the rights of the individual. It is a single
set of rules which govern the processing and monitoring of EU data.
Some other main themes of the new regulations include data transparency, increased scope of
responsibility for those who process personal information, and consent to collect and process
personal information. GDPR empowers its residents to better understand who is processing
their data, why their information is being processed, and the ability to have their information
deleted from specified sources. Failure to comply can be met with very steep fines.
In a nutshell, if your company (or your company’s employees) emails EU residents or companies,
these regulations may apply to you.
Does it affect me?
Yes, most likely. If you hold or process the data of an any person in the EU, the GDPR will apply
to you, whether you’re based in the EU or not.
How GDPR Applies to ClientSuccess
Part of the GDPR is increased scope of responsibility. Companies who process data (like
ClientSuccess) are jointly responsible for following the new regulations’ practices. This is why
ClientSuccess is taking a proactive approach to help educate and prepare for the new changes.
Under GDPR, there are two different entities - data controllers and data processors. Data
controllers own and control what information is being collected, and why the data is being
processed. Processors are responsible for exercising control of the data they process and the
security of that data.
In the case of ClientSuccess’ services, ClientSuccess acts as the data processor and our
customers act as the data controllers.
How has ClientSuccess prepared for GDPR?
ClientSuccess is currently and was compliant with the GDPR when it went into effect May 2018.
Our team will answer our customers' questions and help them prepare for using ClientSuccess'
services after the GDPR becomes effective. Additionally, our team has reviewed and refined our
current practices, procedures and policies to ensure we support our customers with their GDPR
compliance requirements.
ClientSuccess also appointed a Data Protection Office (DPO), which is a requirement for both
controllers and processors. The DPO is responsible for being the main point of contact for data
privacy needs, and for ensuring that his/her company is following best practices. Feel free to
reach our DPO by emailing privacy@clientsuccess.com.
A large part of GDPR is documenting what data is being processed and why. Data Processing
Agreements (DPAs) outline and set expectations between ClientSuccess and its customers
when it comes to processing data. This allows for transparency and, as a data processor under
the new GDPR, ClientSuccess is willing to sign DPAs with our customers. Every industry has a
different set of regulations and ClientSuccess will ensure we align to those requirements.
Why is this important to you?
One of the biggest changes under GDPR is joint responsibility for data processing and privacy.
Companies are now responsible for the data they send to their third party vendors, and what
the vendors do with that information. ClientSuccess has worked hard to be GDPR compliant and
transparent to ensure you have one less thing to worry about with the sweeping privacy
changes outlined by GDPR. As new regulations continue to evolve, ClientSuccess will be ready
for them!