As the provider of the world's most comprehensive user lifecycle management platform, Upsight has always made privacy and data protection a top priority. As we prepare for the effective date of General Data Protection Regulation (GDPR), we’re confident that we’ll continue to maintain the highest levels of trust among our clients and their millions of users.
GDPR is a new European Union (EU) law that strengthens personal data protections in light of rapid technological developments, increased globalization, and more complex international information flows. The law, which goes into effect on May 25, 2018, replaces the patchwork of protections currently in place in separate EU countries with a single set of rules, directly enforceable in each EU member state.
In anticipation of the new law, we’ve been working diligently to ensure compliance. Here’s a quick review of the key steps we’ve taken to ensure a seamless transition to the new requirements:
Comprehensive vendor review
Our legal and security experts have talked to all of our vendors and partners about their plans for security, privacy, and confidentiality. These vendors and partners are aware of GDPR and are taking compliance as seriously as we are.
Upsight has also been working with TrustArc, a leading technology compliance and security company that helps businesses update their privacy management processes so they comply with government laws and best practices.
Introduction to a Data Processing Addendum and customer
Because the protection and proper processing of customer data is so important to our business, Upsight will be providing a formal Data Processing Addendum (DPA) that outlines and clarifies the roles and legal responsibilities with respect to data, and reflects new requirements mandated by GDPR between Upsight and our customers.
In addition, we will be providing our customers with valuable tools they can use to stay in compliance with GDPR, which will enable them to give their consumers (identified as data subjects by the new law) the following rights:
- Right to access by the data subject, which allows data subjects to see what personal data concerning them has been collected;
- Right to erasure (“Right to be Forgotten”), which allow data subjects to have personal data concerning them be removed (and prevent collecting Personal Data in the future); and
- Right to restriction of processing, which allows data subjects to have personal data concerning them remain in storage, but no longer processed, until further notice.
The implementation of GDPR this spring will bring many changes to the privacy landscape, and Upsight is committed to remaining at the forefront of data security. Nothing is more important than the trust our clients put in us to use their data responsibly.