We recently sat down with Matt Bertenthal, Senior Privacy Counsel at Medallia, to learn more about the General Data Protection Regulation (GDPR) and what plans Medallia has in place to comply with GDPR’s new requirements.
GDPR is a law in the European Union that will replace existing data protection laws in all EU countries starting on May 25, 2018. The law requires any company doing business in the EU to demonstrate that they have a lawful basis to handle personal data and adequate processes in place to manage and protect it.
As part of GDPR's requirements for data collection and processing, companies need to be accountable for how they safeguard the personal information of people in the EU. Because a large portion of Medallia survey programs collect personal data within the EU, many of our customers will be subject to GDPR.
In short, GDPR is important because it improves the protection of European privacy rights and clearly outlines what companies that process personal data must do to safeguard these rights. While personal data has been protected by numerous laws across different countries, the laws in the EU have been disparate and have not applied as broadly outside of the EU. GDPR will change that. With newly centralized requirements, increased breadth of application, and higher potential fines, companies are even more focused on how they collect, store, and use personal data.
Under GDPR, customers are gaining more control over their relationships with the companies they interact with. They’ll have the right to access, update and remove the data that businesses hold on them. Many companies are embracing this as an opportunity to establish a new level of transparency and trust with their customers, creating an opportunity for companies to make their businesses more customer-centric.
The “right to be forgotten,” also called “the right to erasure,” is going to be an important piece of the compliance picture when it comes to GDPR. Essentially, it means that any person residing in the EU will be able to request deletion of their data from corporate databases in a timely fashion. And if that data isn’t removed, the customer has the right to know why.
That’s a great question. Teams across the company have made GDPR a top priority over the past year. Starting from a foundation of strong security and privacy protections, Medallia has introduced new product functionality to pre-wire our platform for GDPR, and doubled down on security protections. And all of this work isn’t just motivated by GDPR. Securing, deleting and appropriately restricting access to data are critical to providing a good customer experience.
Key compliance features of the Medallia Experience Cloud include: