Effective Date: December, 2017
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) will go into effect. We believe this presents a new opportunity for marketers to strengthen their brand loyalty by focusing on consumer privacy while delivering amazing experiences. Think of it as experiential privacy — having privacy be a key part of the customer experience, through relevant privacy notices presented in context and choices that are on brand.
dotCMS either already meets its obligations as a data processor or is implementing the measures needed to meet them. We have a strong foundation of certified security and privacy controls by design and will continue to make product enhancements in advance of the May 25, 2018 deadline. Enterprise customers will have the responsibility to implement these enhancements, as well as update any necessary policies and procedures.
We’ve implemented a set of certified security processes and controls to help protect the data entrusted to us through the dotCMS Security and Privacy Policies. This helps us comply with several security and privacy certifications, standards, and regulations, including SOC-2, ISO 27001, and the EU-U.S. Privacy Shield.
Our mission is to help you responsibly unlock the power of data. dotCMS has a long-standing practice of incorporating a proactive product development effort, also known as “privacy by design.” For example, dotCMS has the ability to obfuscate Internet Protocol (IP) addresses and allow individual-level opt-outs.
dotCMS is aligned to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks for customer-related data. This provides our customers with the option of relying on these frameworks or entering into Standard Contractual Clauses (also known as EU Model Clauses) for the transfer of data from the EU to the U.S.
dotCMS has updated our agreements with customers and vendors to account for GDPR requirements.
dotCMS is working to more formally document the privacy practices we have in place to comply with the enhanced record-keeping requirements.
dotCMS is constantly listening to its customers and looking for ways to simplify and further automate our product and service offerings to better support their GDPR needs. We have created the office of Chief Information Security Officer to focus on meeting the mandated requirements of the GDPR, and to allow the product to maintain the utmost standards of security and privacy for consumers.