DigitalGenius Commitment to Privacy and GDPR

The General Data Protection Regulation (GDPR), due to become effective this month on May 25, 2018. This is an extremely important legislation which will unify and strengthen the protection of personal data for people residing within the member states of the European Union. DigitalGenius has worked on multiple fronts to ensure that our platform is fully compliant with the GDPR.

We believe that the GDPR provides better protection and control for individuals in the EU over their data, harmonize these protections throughout the EU including the United Kingdom, and facilitate the free flow of personal data within the European Economic Area (EEA).

DigitalGenius has been committed to the privacy of end users since its early days. We have designed our AI technology platform to focus on what end users ask rather who end users are, allowing our customers to continually learn from their customers without sacrificing end user identity or personal data. By creating a solution that learns without requiring personal data we’re helping major brands address support inquiries faster and more accurately while providing them with the ability to reduce risk from sharing sensitive data with external partners.

We also recognise that some of our customers are sensitive about sending data outside of the European Economic Area (EEA) and therefore have located servers within the EEA to provide that additional peace of mind.

• DigitalGenius and Personal Data in the age of GDPR
• How DigitalGenius Addresses GDPR Compliance
• Who should DigitalGenius customers contact?
• I’m new to the GDPR and would love more details on what it is.

DigitalGenius and Personal Data in the age of GDPR

DigitalGenius has built a platform that protects the privacy of end users while allowing them to contribute to building systems that better serves their needs. While our main role under the GDPR is as a data processor, and in such we are committed to processing data as instructed by the data controller, we also instruct our customer to strip any identifying personal data before sending data to our platform as it is unnecessary. We handle all data equally, with the utmost care and security considerations. DigitalGenius employs security and privacy by design programs in order to adhere to industry regulations and best practices. We use end-to-end encryption, and follow industry standard security protocols including policies and processes which are aligned with ISO27001. We do this because we value our customers (and their customers) rights to privacy. We serve clients around the world, and compliance with and to international law and regulations are paramount.

How DigitalGenius Addresses GDPR Compliance

Perhaps the most important feature of our platform with regards to GDPR revolves around our understanding of personalization. We have designed a deep learning AI based on the notion that personalized does not necessarily mean knowing who a person is, but rather focusing on the true nature and attributes of their inquiry.

Our deep learning AI focuses on understanding priority, sentiment, and case detail of the inquiry rather than profile the user who is asking the question. We believe that aside from protecting the privacy of users, this is also a more effective approach to providing efficient customer service.

We are improving anonymity within our tools and reducing overall retention times to ensure that personal data isn’t stored for longer than it is allowed or necessary for processing. We’re also working on interfaces that will allow you to address requests from your customers related to their rights for accessing any personal data that might stored in your DigitalGenius account. DigitalGenius has also updated our standard Data Processing Agreement (DPA) to ensure that it is aligned with GDPR requirements, and signed the appropriate DPAs with our vendors and sub processors.

Lastly, DigitalGenius is certifying with the US-EU Privacy Shield program to ensure that our customers choosing to utilize our United States based servers are able to transfer data in compliance with GDPR requirements.

Based on the research conducted by both our inside and outside counsels we are confident these changes will address the requirements of GDPR. We will communicate these changes in detail around the first of the year.

Who should DigitalGenius customers contact:

As a DigitalGenius customer you may always request your representative to provide additional information on GDPR and Privacy related information and features, or you may contact us.

I’m new to the GDPR and would love more details on what it is

The General Data Protection Act (GDPR) is considered to be the most significant piece of European data protection legislation to be introduced in the European Union (EU) in 20 years and will replace the the 1995 Data Protection Directive.

The GDPR regulates the processing of personal data about individuals in the European Union including its collection, storage, transfer or use. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).

It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached.

The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.

In summary, here are some of the key changes to come into effect with the upcoming GDPR:

• Expanded rights for individuals: The GDPR provides expanded rights for individuals in the European Union by granting them, amongst other things, the right to be forgotten and the right to request a copy of any personal data stored in their regard.
• Compliance obligations: The GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.
• Data breach notification and security: The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.
• New requirements for profiling and monitoring: The GDPR places additional obligations on organizations engaged in profiling or monitoring behavior of EU individuals.
• Increased Enforcement: Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred. Also, the GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.

If you are a company outside the EU, you should still be aware of this. The provisions of the GDPR apply to any organization that processes personal data of individuals in the European Union, including tracking their online activities, regardless of whether the organization has a physical presence in the EU.

If you have any questions, please don’t hesitate to contact us