What is the GDPR?

On May 25, 2018, Europe’s new data protection law, the General Data Protection Regulation, will come into effect. The GDPR marks the most significant reform of European data protection law – indeed, any data protection law anywhere in the world – ever.

Under the reforms introduced by the GDPR, any business that provides goods and services into the European Union, or that otherwise monitors the behavior of individuals in the European Union (i.e. the use of analytics or ad tech technologies) will be subject to data protection law. Organizations that do not comply with the GDPR face potential regulatory fines of up to 4% of annual worldwide turnover, in addition to civil suits from affected individuals.

What are netFactor and Bombora doing about it?

NetFactor and Bombora recognizes the significance of these reforms both to our clients and to the services we provide. Our customers expect to work with partners who commit to compliant data protection and information security standards when handling their data. For that reason, netFactor and Bombora with support from EU external advisers, have been undertaking and will continue to undertake a number of activities to ensure that it is GDPR-ready by May 25th. These activities include:

  • Conducting a full data mapping exercise to prepare the data processing records required by Article 30 of the GDPR.
  • Updating netFactor and Bombora’s standard customer terms to ensure that, when netFactor or Bombora acts as a processor, these reflect the relevant data processor commitments under Article 28 of the GDPR. Reviewing and revising netFactor and Bombora’s downstream terms with its vendors and co-op partners to ensure that these address GDPR requirements.
  • Reviewing, identifying and implementing any product changes that might be needed in light of the GDPR. This includes enabling compliant consent (where required) pathways and formalizing its processes around data subject rights to ensure that netFactor and Bombora are able to respond (and that it can help its customer’s respond) comprehensively and within the timeframes required by the GDPR.
  • Revising netFactor and Bombora’s privacy notices to ensure they meet the disclosure requirements of the GDPR.
  • Ensuring continued use of adequate security measures to safeguard any data collected and processed on systems owned or managed by netFactor and/or Bombora.

NetFactor and Bombora are committed to implementing the GDPR readiness program and understand the importance of a successful transition to GDPR for their customers. If you have any questions please reach out to us at gdpr@bombora.com.