The General Data Protection Regulation (GDPR) provides consistent standards to protect EU citizens’ rights regarding how their data is being used. It went into effect on May 25, 2018, and applies to any company that handles personal data from EU citizens and those living in the EU.
As a Processor for your user data, we are committed to making it easier for you to comply and equipping you, our customers, with more accessible paths towards your compliance with applicable laws and regulations.
Replacing the previous EU privacy directive 95/46/EC, which had been in place for over 20 years, the GDPR strengthens and expands individuals’ privacy rights in an era in which much of life takes place online.
The GDPR is extensive, affecting not just businesses based in the EU but also any company that processes EU citizens’ data. For instance, if you’re sending data about a person in the EU to Variance, the GDPR likely applies to you.
The Data Protection Principles outlined in the GDPR include requirements like the following:
We’d encourage you to read the text in full and consult with your legal counsel for a complete understanding of the GDPR.
The GDPR has different requirements depending on how your business interacts with personally identifiable user data.
Data controllers are companies that supply goods or services to EU residents, or that track or monitor EU residents and decide why and how data is collected and processed. As one of our customers, you are likely a data controller under the GDPR. One of your requirements as a data controller is to only work with compliant data processors.
Data processors are vendors or businesses that process data on behalf of data controllers. As a platform that ingests customer data, Variance is considered a data processor.
Here are initiatives Variance is committed to as one of your data processors:
If you collect data about EU residents, you are likely considered a data controller under the GDPR. One of the biggest challenges you will face as a controller will be managing individuals’ requests to exercise their rights as defined by the Regulation.
To help you comply with user requests related to the right to erasure (the right to be forgotten), the right to object (the various rights to halt certain processing), and the right to restrict processing (the right to restriction), we are developing new capabilities that will be available to all Variance customers in mid-2022:
In the interim, to ensure GDPR compliance, we can handle these requests on your behalf if you email us at firstname.lastname@example.org.
With regard to the additional rights defined in the GDPR, including the rights to access, data portability, and rectification, Variance already enables you to be compliant:
We fully support the GDPR and think it’s good to treat customers and their data with care and respect.
If you have any questions or concerns regarding GDPR and Variance, please send us a message at email@example.com.