What is the GDPR?
On May 25, 2018, Europe’s new data protection law, the General Data Protection Regulation, will come into effect. The GDPR marks the most significant reform of European data protection law – indeed, any data protection law anywhere in the world – ever.
Under the reforms introduced by the GDPR, any business that provides goods and services into the European Union, or that otherwise monitors the behavior of individuals in the European Union (i.e. the use of analytics or ad tech technologies) will be subject to data protection law. Organizations that do not comply with the GDPR face potential regulatory fines of up to 4% of annual worldwide turnover, in addition to civil suits from affected individuals.
What is Bombora doing about it?
Bombora recognizes the significance of these reforms both to our clients and to the services we provide. Our customers expect to work with partners who commit to compliant data protection and information security standards when handling their data. For that reason, Bombora with support from EU external advisers, have been undertaking and will continue to undertake a number of activities to ensure that it is GDPR-ready by May 25th. These activities include:
- Conducting a full data mapping exercise to prepare the data processing records required by Article 30 of the GDPR.
- Updating Bombora’s standard customer terms to ensure that, when Bombora acts as a processor, these reflect the relevant data processor commitments under Article 28 of the GDPR. Reviewing and revising Bombora’s downstream terms with its vendors and co-op partners to ensure that these address GDPR requirements.
- Reviewing, identifying and implementing any product changes that might be needed in light of the GDPR. This includes enabling compliant consent (where required) pathways and formalizing its processes around data subject rights to ensure that Bombora is able to respond (and that it can help its customer’s respond) comprehensively and within the timeframes required by the GDPR.
- Revising Bombora’s privacy notices to ensure they meet the disclosure requirements of the GDPR.
- Ensuring continued use of adequate security measures to safeguard any data collected and processed on systems owned or managed by Bombora.
Bombora is committed to implementing its GDPR readiness program and understands the importance of a successful transition to GDPR for its customers. If you have any questions please reach out to us at firstname.lastname@example.org.