Our commitment on the upcoming EU Data Regulation.
At ClientSuccess, we’ve been working hard to prepare for EU General Data Protection
Regulation (GDPR), to ensure that we fulfill its obligations and maintain our transparency about
customer messaging and how we use data. Here’s an overview of GDPR, and how we’re
preparing for it at ClientSuccess:
What exactly is GDPR?
The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection
law that comes into effect on May 25, 2018. It will replace existing EU Data Protection law to
strengthen the protection of “personal data” and the rights of the individual. It will be a single
set of rules which govern the processing and monitoring of EU data.
Some other main themes of the new regulations include data transparency, increased scope of
responsibility for those who process personal information, and consent to collect and process
personal information. GDPR empowers its residents to better understand who is processing
their data, why their information is being processed, and the ability to have their information
deleted from specified sources. Failure to comply can be met with very steep fines.
In a nutshell, if your company (or your company’s employees) email EU residents or companies,
these regulations may apply to you.
Does it affect me?
Yes, most likely. If you hold or process the data of an any person in the EU, the GDPR will apply
to you, whether you’re based in the EU or not.
How GDPR Applies to ClientSuccess
Part of the GDPR is increased scope of responsibility. Companies who process data (like
ClientSuccess) are jointly responsible for following the new regulations’ practices. This is why
ClientSuccess is taking a proactive approach to help educate and prepare for the new changes.
Under GDPR, there are two different entities - data controllers and data processors. Data
controllers own and control what information is being collected, and why the data is being
processed. Processors are responsible for exercising control of the data they process and the
security of that data.
In the case of ClientSuccess’ services, ClientSuccess acts as the data processor and our
customers act as the data controllers.
How is ClientSuccess preparing for GDPR?
ClientSuccess will be compliant with the GDPR when it becomes enforceable in May 2018. Our
team is working with customers to answer their questions and to help them prepare for using
ClientSuccess’ services after the GDPR becomes effective. Additionally, our team is reviewing
and refining our current practices, procedures and policies to ensure we support our customers
with their GDPR compliance requirements.
ClientSuccess also appointed a Data Protection Office (DPO), which is a requirement for both
controllers and processors. The DPO is responsible for being the main point of contact for data
privacy needs, and for ensuring that his/her company is following best practices. Feel free to
reach our DPO by emailing firstname.lastname@example.org.
A large part of GDPR is documenting what data is being processed and why. Data Processing
Agreements (DPAs) outline and set expectations between ClientSuccess and its customers
when it comes to processing data. This allows for transparency and, as a data processor under
the new GDPR, ClientSuccess is willing to sign DPAs with our customers. Every industry has a
different set of regulations and ClientSuccess will ensure we align to those requirements.
Why is this important to you?
One of the biggest changes under GDPR is joint responsibility for data processing and privacy.
Companies are now responsible for the data they send to their third party vendors, and what
the vendors do with that information. ClientSuccess is working hard to be GDPR compliant and
transparent to ensure you have one less thing to worry about with the sweeping privacy
changes outlined by GDPR. As new regulations continue to evolve, ClientSuccess will be ready