Acquia & GDPR Compliance
GDPR Frequently Asked Questions
What is GDPR?
The General Data Protection Regulation (“GDPR”) is a data protection regulation that the European Union issued in order to replace the European Data Protection Directive of 1995. The GDPR directly applies to all member states of the European Union from 25 May 2018 forward. The GDPR applies to organizations both inside and outside the European Union that are processing the personal data of data subjects who are in the European Union (“EU”).
Who does GDPR affect?
The GDPR applies to organizations located within the EU as well as organizations located outside of the EU that do business with, offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the EU, regardless of the company’s location.
What does GDPR protect?
GDPR is focused on the protection of the personal data of individuals in the European Union. Under the GDPR, Personal Data is defined broadly in Article 4 (1) as follows:
“[A]ny information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.” Some examples of personal data include, but are not limited to: name, personalized e-mail address, mailing address, phone number, dynamic and static IP addresses etc.
- What are the principles of GDPR as it pertains to personal data?
- There are six principles to be mindful of in regards to personal data:
- Should be processed lawfully, fairly and in a transparent way.
- Should be collected for specified, explicit and legitimate purpose.
- Should be kept up to date.
- Should be limited to what is necessary.
- Should not allow identification of people for longer than necessary.
- Should be processed in a way that ensures appropriate security.
The GDPR strengthens the rights of individuals in the EU under the currently existing data protection regulations, as well as giving new rights.
How does the GDPR affect data collection?
How does the GDPR affect marketing personalization?
GDPR doesn’t prevent personalization, but as mentioned above, it does change the way marketers collect personal data. Marketers who are informed about GDPR will understand that as long as the gathering and use of personal data is justified for legitimate business purposes and secured (via least privileged access, access control management, encrypted, pseudonymized, etc.), companies may continue to gather personal data from users for marketing efforts. GDPR allows for personalization based on cookies, and the customer needs to comply with applicable requirements such as transparency of cookies, user consent etc. Acquia’s personalization solutions provide tools for our customers to configure data collection properly, such as the ability to: set cookie duration; set visitor to do not track; anonymize profile; hash any identifier.
Acquia Inc. is committed to protecting the privacy of your information.
The GDPR regulates the protection of personal data across the EU member states. Read how Acquia is prepared.
A list of sub-processors currently authorized by Acquia Inc. (“Acquia”) to process customer data and assist Acquia with respect to the provision of the applicable services under the Acquia Subscription and Services Agreement.
Acquia has implemented and will maintain technical and organizational measures inclusive of administrative, technical and physical safeguards.
This DPA is available to customers from your account manager who have executed a subscription and services agreement.
Read about best practices and how our personalization products provide tools to help customers collect data responsibly.
Find legal information and resources for Acquia’s services.
Acquia is in compliance with the General Data Protection Regulation (GDPR). Read our blog to learn more.
If you have questions about Acquia’s policies, terms, archives or other legal and data security topics, we’d like to hear from you.
For privacy inquiries, email: [email protected]
For DMCA notices and all other legal inquiries, email: [email protected]
For security inquiries, email: [email protected]
Please contact the Acquia GDPR team at [email protected].