Knowledge Base Article

GDPR and CCPA Compliance

On May 25, 2018, the General Data Protection Regulation (GDPR) went into effect. GDPR is a set of data privacy laws across Europe that are designed to protect EU citizens’ data privacy and reshape the way organizations approach data privacy.

On January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) will go into effect and enforcement will begin July 1, 2020.  The CCPA is a California privacy law that is applicable to businesses doing business in California and that meet one of three revenue thresholds.  It also applies to service providers of those businesses, who are defined under the CCPA as a company handling PI on behalf of a business, for a business purpose.

The following is an update on Khoros’s compliance efforts as they relate to the GDPR and CCPA:

We have worked with outside EU counsel to ensure we are correctly interpreting how the GDPR affects Khoros specifically, and to ensure we are handling EU personal data correctly.  For example, we confirmed our interpretations of consent requirements and other legal bases for processing personal data and exporting personal data from the EEA with our EU counsel.  

Additionally, Khoros has been working with outside U.S. counsel to ensure we are compliant with the CCPA. One important point to make clear is that Khoros will never sell our customers’ personal information for any reason at all and we will contractually agree to the same.

Khoros has updated its DPA template to expand its scope not just to EU personal data, but to PI covered under the CCPA also.   Our DPA template also contains all the necessary GDPR flow-down provisions and accurately reflects the processes used by Khoros to comply with privacy laws. We would be happy to provide you a copy to make it easy for you to check the box in regards to your own GPDR/CCPA compliance efforts.

Khoros is continually examining and documenting our internal processes and any aspects of our product portfolio that relate to personal data handling, not just to ensure regulatory compliance, but more importantly to achieve best practices and satisfy our customers’ needs.   

If you’re looking for more information, check out the links below to our product specific FAQs, privacy policies, details on our subprocessors, and the official sites for GDPR and CCPA. And I know this is complicated, so if you have specific questions, leave them in the comments and I’ll make sure they get addressed.

Updated 2 years ago
Version 8.0
Compliance
GDPR
General Data Protection Regulation

Was this article helpful?

12 Comments

Sort By
  • j0hnlewis's avatar
    j0hnlewis
    Expert
    8 years ago

    Hi there,

     

    Do you have any specifics yet on what functionality or capabilities will be made available to support businesses with GDPR compliance requests (e.g. API updates)?

     

    We are already reviewing how we might process customer requests in relation to GDPR compliance and how this will impact our community / LSMM platforms.

     

    It is comforting that Lithium are being proactive in this space, however it would be good to have some more specifics :)

     

    "As we near the May 2018 effective date for GDPR, Lithium will complete its GDPR compliance measures.".... as a business we will need to have processes and procedures implemented well in advance of this date so the more information you could can provide the better.

     

    Thanks,

     

    John.

     

  • CeliaB's avatar
    CeliaB
    Khoros Alumni (Retired)
    8 years ago

    Our product management teams are currently in the planning phases for product enhancements related to GDPR compliance, and engaging in discussions with our customers to determine what features our customers would like to see.  We do not yet have any specifics in this particular area, as we have been focusing efforts to date on the rights of data subjects - the ability to obtain their personal data, make corrections, and the “right to be forgotten”. We would point out that current features of our Community and Social Media Management offerings do provide opportunity to post information about what your company is doing in the area of GDPR compliance, and to respond quickly to inquiries or other posts of social media about your compliance, but we would love to hear from you if there are features you would like to see that would specifically enhance these capabilities.

  • sgenzer's avatar
    sgenzer
    Ace
    7 years ago

    Thank you for this.  Our company is also working on this.  I am neither a lawyer, nor European, but according to our European colleagues this law is already in effect.  We are currently under a "grace period" where the law is not being enforced until May 2018.  But from what we understand, any company who is in possession of EU-citizen PII and not currently compliant with GDPR is technically breaking the law.  [source: http://www.eugdpr.org/eugdpr.org.html].  We would be happy to collaborate with other companies and Lithium so that we can get this taken care of ASAP.

     

    Scott

     

  • CeliaB's avatar
    CeliaB
    Khoros Alumni (Retired)
    7 years ago
    Hi Scott, Just to allay your concerns a bit, compliance with GDPR is not required until the May 25, 2018 deadline. Lithium intends and is actively working toward compliance by that date, and we would be happy to get any input you have to offer. We have currently been working with some of our EU customers to get their take on compliance needs, in relation to Lithium features and functions, and that has been very helpful to all parties involved. Celia
  • GrantCostello's avatar
    GrantCostello
    Guide
    7 years ago

    Hi JohnD I got the communication  below and the doc says to ‘See https://community.jivesoftware.com/docs/DOC-242231 for further details on the planned changes that Aurea is making that will affect both Jive-n and Lithium JX.’

     

    Initially the link never worked for me (unauthorized) but now it does but info it goes to is for Jive-N only. What is the correct link please. Or does this apply to JX as well?

     

    http://pages.lithium.com/index.php/email/emailWebview?mkt_tok=eyJpIjoiTkRZNFpHWXlZV1JsTTJJNSIsInQiOiJKMkcxVFgxVGlncEpUOWVESGFLZGl2YzhmY2R3RXRmeE5ZYloweFQ1SE81dkpSVUNcL2VNVVdpYUs0aW1FMWVYMUFSNGlrQWZ1eDNcLzA5djNEcFN5QnIrcVVTWGdVOTB2aUNpMW52K2x6MnY0K3JRZWI0RnBIMkxzZlB6SW9RK3JFIn0%3D 
     

     

  • CeliaB's avatar
    CeliaB
    Khoros Alumni (Retired)
    7 years ago
    Thank you for your inquiry. The changes to the Jive-n platform related to GDPR compliance will also apply to Lithium JX because they both share the same platform functionality. The Lithium JX whitepaper on GDPR compliance is available through your Lithium CSM, or email gdpr@lithium.com
  • jasondmcclellan's avatar
    jasondmcclellan
    Advisor
    7 years ago
    Great GDPR info - we can never have enough. I have been batching the .JSON files for community data for a few test users. I don't see any reference to Private Messages. Can you tell if if they are included and I missed them or they are on a future release to be included in the batch .JSON file. Thank you Jason