On May 25, 2018, the General Data Protection Regulation (GDPR) went into effect. GDPR is a set of data privacy laws across Europe that are designed to protect EU citizens’ data privacy and reshape the way organizations approach data privacy.
On January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) will go into effect and enforcement will begin July 1, 2020. The CCPA is a California privacy law that is applicable to businesses doing business in California and that meet one of three revenue thresholds. It also applies to service providers of those businesses, who are defined under the CCPA as a company handling PI on behalf of a business, for a business purpose.
The following is an update on Khoros’s compliance efforts as they relate to the GDPR and CCPA:
We have worked with outside EU counsel to ensure we are correctly interpreting how the GDPR affects Khoros specifically, and to ensure we are handling EU personal data correctly. For example, we confirmed our interpretations of consent requirements and other legal bases for processing personal data and exporting personal data from the EEA with our EU counsel.
Additionally, Khoros has been working with outside U.S. counsel to ensure we are compliant with the CCPA. One important point to make clear is that Khoros will never sell our customers’ personal information for any reason at all and we will contractually agree to the same.
Khoros has updated its DPA template to expand its scope not just to EU personal data, but to PI covered under the CCPA also. Our DPA template also contains all the necessary GDPR flow-down provisions and accurately reflects the processes used by Khoros to comply with privacy laws. We would be happy to provide you with a copy to make it easy for you to check the box with regard to your own GDPR/CCPA compliance efforts.
Khoros is continually examining and documenting our internal processes and any aspects of our product portfolio that relate to personal data handling, not just to ensure regulatory compliance, but more importantly to achieve best practices and satisfy our customers’ needs.
If you’re looking for more information, I’ve included links below to our product-specific FAQs, privacy policies, details on our subprocessors, and the official sites for GDPR and CCPA. And I know this is complicated, so if you have specific questions, please leave them in the comments and I’ll make sure they get addressed.