Now There’s an IDEA – Customer Experience...
On December 20th, President Trump signed into law the 21st Century Integrated Digital Experience Act, otherwise known as the IDEA Act. The bill, spearheaded by Rep. Ro Khanna, is aimed...
Your message has been received and we will contact you shortly.
Get the best in Customer Experience content delivered straight into your inbox.
We recently sat down with Matt Bertenthal, Senior Privacy Counsel at Medallia, to learn more about the General Data Protection Regulation (GDPR) and what plans Medallia has in place to comply with GDPR’s new requirements.
So Matt, what exactly is GDPR?
GDPR is a law in the European Union that will replace existing data protection laws in all EU countries starting on May 25, 2018. The law requires any company doing business in the EU to demonstrate that they have a lawful basis to handle personal data and adequate processes in place to manage and protect it.
As part of its requirements for data collection and processing, companies need to be accountable for how they safeguard personal information of people in the EU. Because a large portion of Medallia survey programs collect the personal data within the EU, many of our customers will be subject to GDPR.
We know that the protection of personal data has become an ever-increasing hot topic. Can you explain a little about why GDPR is so important, especially in today’s digital age?
In short, GDPR is important because it improves the protection of European privacy rights and clearly outlines what companies that process personal data must do to safeguard these rights. While personal data has been protected by numerous laws across different countries, the laws in the EU have been disparate and have not applied as broadly outside of the EU. GDPR will change that. With newly centralized requirements, increased breadth of application, and higher potential fines, companies are even more focused on how they collect, store, and use personal data.
How will GDPR impact customer experience?
Under GDPR, customers are gaining more control over their relationships with the companies they interact with. They’ll have the right to access, update and remove the data that businesses hold on them. Many companies are embracing this as an opportunity to establish a new level of transparency and trust with their customers, creating an opportunity for companies to make their businesses more customer-centric.
What is the “right to be forgotten”?
The “right to be forgotten,” also called “the right to erasure,” is going to be an important piece of the compliance picture when it comes to GDPR. Essentially, it means that any person residing in the EU will be able to request deletion of their data from corporate databases in a timely fashion. And if that data isn’t removed, the customer has the right to know why.
How does Medallia ensure compliance with GDPR?
That’s a great question. Teams across the company have made GDPR a top priority over the past year. Starting from a foundation of strong security and privacy protections, Medallia has introduced new product functionality to pre-wire our platform for GDPR, and doubled down on security protections. And all of this work isn’t just motivated by GDPR. Securing, deleting and appropriately restricting access to data are critical to providing a good customer experience.
Key compliance features of the Medallia Experience Cloud include: