If your company has an online presence, you are probably already familiar with the European Union’s General Data Protection Regulation, otherwise known as GDPR. We want to be clear about how Evergage is thinking about GDPR and how we are helping our clients to enable GDPR compliance in this blog post.
We are deeply committed to helping our clients provide a relevant experience to each customer and prospect, while complying with the law and respecting each individual’s privacy and specific wishes for the usage of their personal data. Evergage has supported customer opt-in and opt-out from the start, and recognizes the privacy requirements of our varied customer base. Over the past 12 months, we have been working closely with our clients to ensure compliance with GDPR.
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) law that regulates the collection and use of information of EU citizens. The GDPR will be enforced starting May 25, 2018. After that date, significant fines may be imposed for non-compliance.
Many Evergage clients are affected by GDPR and you should seek legal advice regarding how you are affected and what you need to do to comply.
The Roles of Data Controllers and Data Processors
Under the GDPR, the “Data Controller” has the relationship with the prospect/customer — the European Union citizen. Evergage’s clients are Data Controllers.
For example, suppose an Evergage client has a website that sells goods/services or provides information to EU citizens. The client wishes to use Evergage to collect behavioral data on visitors to its website in order to provide each visitor with a personally relevant experience. That client is considered a Data Controller because it has the direct relationship with the EU citizen.
Under the GDPR, Evergage is a “Data Processor.” On behalf of our clients, the Data Controllers, Evergage processes behavioral data from EU citizens that visit the Data Controller’s website. As part of our contractual relationship with our clients, Evergage enters into a Data Processing Agreement that expresses our legal commitments under the GDPR.
Evergage’s Commitments to our Clients
As part of the Data Processing agreement, Evergage commits to comply with the GDPR in how we process the data of EU citizens, who can gain access to the data, how we will secure the data, how we will respond to breaches, where we will transfer the data, and how we will respect and respond to the rights of EU citizens (the “Data Subjects”).
If an EU citizen wishes to not be tracked or have their data deleted or modified, Evergage makes it easy for our clients to comply with this request and give attestation to their compliance.
In accordance with our 1 Mission value, Evergage is committed to working with our clients closely and effectively to enable them to respect the law as well as the wishes of their prospects and customers while continuing to provide helpful engagement and personalized experiences to people who desire relevance.
Evergage’s View of the GDPR
Evergage is supportive of the GDPR. We make it possible to deeply understand prospects and customers and use that understanding to provide significantly better experiences and engagement. Many people want that kind of relevant, helpful experience, and those people will allow Evergage (and other services) to continue collecting their data. Other individuals may choose to have a generic experience over a personalized one, and we believe that those individuals should certainly be allowed to have that option.