Last Modified: May 2, 2018
What is GDPR?
GDPR stands for General Data Protection Regulation (“GDPR”). GDPR unifies all European Union (“EU”) Member State data privacy laws and applies to all companies that either (i) have a corporate presence in the EU or (ii) offer goods or services to EU residents or customers located there, and in connection with such activities process personal data.
GDPR replaces the Data Protection Directive 95/94/EC, which was put in place in 1995.
Does GDPR apply to Salsify?
Yes. While we do not currently have employees in the EU, we do process and hold personal data of data subjects residing in the EU, specifically for marketing and customer service purposes.
GDPR compliance is a requirement of our international customers with European affiliates, and we need to ensure that we are following the requirements set forth by GDPR.
Key Components of Our Compliance Efforts
We understand that trust is a key component in all partnerships. We respect customers’ data and the need for keeping it protected and secure. We see our compliance efforts as an opportunity to strengthen our relationships as we continue to work with our customers to ensure the protection of their organizational and personal data. We take our commitment to this initiative seriously. We have dedicated resources to closely analyze the requirements of GDPR, and we are finalizing enhancements to our products, data inventory, and marketing processes to support compliance with GDPR.
For purposes of transferring personal data from the EU in compliance with GDPR, Salsify has received application approval for our Privacy Shield self-certification.
We are committed to complying with the Principles set forth in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
In December of 2017, we obtained our SOC2 Type 1 certification and are actively working towards our SOC2 Type 2.
Our employees will be trained on new processes for data handling, privacy by design and privacy impact assessments.
Additionally, we are working with our third-party service providers to ensure that data protection processes, such as data subject access requests, and agreements covering our vendors are in place.
In the interim, we offer all of our customers a Data Protection Regulation Addendum. This permits customers to continue to transfer data to Salsify without interruption. For more information about this agreement, please reach out to your Account Manager.
We are working successfully with numerous global and European companies, and are happy to discuss further.
How long is the Privacy Shield certification valid for?
Salsify will renew the Privacy Shield certification annually and compliance will be audited on a regular basis.