Legal Disclaimer: Customer is responsible for ensuring compliance with laws & regulations (i.e. European Union GDPR). Customer/prospective customer must seek legal counsel to understand applicability of any law or regulation on processing of personal data, including through the use of Acquia products or services. Some products, services, & other capabilities described herein may/may not be available based upon an organization’s specific environment & Acquia services acquired. *Please note, for Acquia Cloud Professional users: See the Terms of Service for GDPR requirements.
Acquia is GDPR ready and welcomes this regulation as an important step forward in harmonizing the current disparate data protection requirements across the member states of the European Union. GDPR is as an opportunity to strengthen and deepen Acquia's commitment to data protection and to demonstrate how our offerings can help our customers on their own GDPR journey.
GDPR Frequently Asked Questions
What is GDPR?
The General Data Protection Regulation (“GDPR”) is a data protection regulation that the European Union issued in order to replace the European Data Protection Directive of 1995. The GDPR will directly apply to all member states of the European Union from 25 May 2018 forward. The GDPR applies to organizations both inside and outside the European Union that are processing the personal data of data subjects who are in the European Union (“EU”).
Who does GDPR affect?
The GDPR applies to organizations located within the EU as well as organizations located outside of the EU that do business with, offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the EU, regardless of the company’s location.
What does GDPR protect?
GDPR is focused on the protection of the personal data of individuals in the European Union. Under the GDPR, Personal Data is defined broadly in Article 4 (1) as follows:
“[A]ny information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.” Some examples of personal data include, but are not limited to: name, personalized e-mail address, mailing address, phone number, dynamic and static IP addresses etc.
What are the principles of GDPR as it pertains to personal data?
There are six principles to be mindful of in regards to personal data:
- Should be processed lawfully, fairly and in a transparent way.
- Should be collected for specified, explicit and legitimate purpose.
- Should be kept up to date.
- Should be limited to what is necessary.
- Should not allow identification of people for longer than necessary.
- Should be processed in a way that ensures appropriate security.
The GDPR strengthens the rights of individuals in the EU under the currently existing data protection regulations, as well as giving new rights.
How does the GDPR affect data collection?
How does the GDPR affect marketing personalization?
GDPR doesn’t prevent personalization, but as mentioned above, it does change the way marketers collect personal data. Marketers who are informed about GDPR will understand that as long as the gathering and use of personal data is justified for legitimate business purposes and secured (via least privileged access, access control management, encrypted, pseudonymized, etc.), companies may continue to gather personal data from users for marketing efforts. GDPR allows for personalization based on cookies, and the customer needs to comply with applicable requirements such as transparency of cookies, user consent etc. Acquia’s personalization solutions provide tools for our customers to configure data collection properly, such as the ability to: set cookie duration; set visitor to do not track; anonymize profile; hash any identifier.
Acquia Inc. is committed to protecting the privacy of your information.
Acquia’s GDPR Readiness Plan
The GDPR will regulate the protection of personal data across the EU member states. Read how Acquia is prepared.
Acquia Sub-processors supporting Acquia as Data Processor
A list of Sub-processors currently authorized by Acquia Inc. (“Acquia”) to process customer data and assist Acquia with respect to the provision of the applicable services under the Acquia Subscription and Services Agreement.
Acquia Security Annex
Acquia has implemented and will maintain technical and organizational measures inclusive of administrative, technical and physical safeguards.
Acquia GDPR Data Processing Addendum
This DPA is available to customers from your account manager who have executed a subscription and services agreement.
Marketing Personalization in the Age of GDPR
Read about best practices and how our personalization products provide tools to help customers collect data responsibly.
Acquia Legal & Compliance
Find legal information and resources for Acquia’s services.
Acquia is GDPR Ready
Acquia is ready for the General Data Protection Regulation (GDPR). Read our blog to learn more.
EU-U.S. Privacy Shield
Acquia’s certification for the EU-U.S. Privacy Shield
European Commission – data transfers outside the EU
Data Protection Rules
European Commission – reform of EU data protection rules