On May 25, 2018, the EU General Data Protection Regulation (GDPR) will come into effect. Aimed at strengthening protections for the personal data of EU residents, this is the the most significant change in EU data protection law since 1995.
Even though GDPR preparation is a major undertaking, this mindset isn’t new for us. We’ve had EU customers for many years, and we’re familiar with EU privacy law. As a company that thousands of customers entrust with their data, we’re committed to making GDPR compliance an ongoing part of our processes.
What you should know
The Sift Science Digital Trust Platform is fully compliant with GDPR. In preparation for The GDPR implementation date, we have revised our data retention policy, and have reviewed potential privacy impacts and risks to data subjects to ensure full compliance.
We have updated our rights request program to comply with the the new GDPR data subject rights requests, namely the Right to Be Forgotten and the Right to Object.
In addition to updating our privacy policies, Sift is prepared to execute our Data Protection Addendum (DPA), which describes Sift’s privacy and security commitments and is in compliance with GDPR.
Our data transfer program remains in compliance with cross-border data transfer requirements. Through our Privacy Shield Certification, Sift Science customers can entrust Sift with EU personal data.
Continued compliance
We take privacy and security very seriously. We maintain a Privacy Team and have appointed a Data Protection Officer (DPO). Both parties will have the formal responsibility for data protection compliance within Sift. As such, we look forward to continually evaluating and updating our security and privacy policies to ensure compliance. We see compliance with GDPR as an opportunity to continue to earn the trust of our European customers.