Agent Connect and GDPR

Agent Connect and GDPR: Privacy by Design

In May 2018, Europe's new General Data Protection Regulation (GDPR) comes into force, replacing the 1995 EU Data Protection Directive. GDPR unifies data protection rules across Europe and strengthens the rights of EU citizens.

In this document, we detail our approach and philosophy around GDPR compliance and lay out the reasons why you can be 100% confident partnering with Medallia in this new era of consumer privacy.

Why We Welcome the Introduction of GDPR

At Medallia, privacy has always been one of our core principles. We are not an analytics or advertising company and we have never been in the business of selling consumer data. We take privacy and security into account during every step of our development process and we have had to make no technical changes to our platform to become GDPR compliant. We have introduced the required policies and procedures to help our clients remain in compliance while using our platform.

Why You Can Feel 100% Confident Partnering with Medallia

  • All Agent Connect contracts include a Data Processing Addendum (DPA), giving you the legal assurances that are required under GDPR. All data you share with us is protected through this DPA.

  • We have DPAs in place with all companies we use to process data on our behalf, and we audit those companies regularly to ensure they share our commitment to data privacy.

  • Outside of our DPA, we can also sign GDPR Standard Contractual Clauses if this is required within your privacy compliance framework. This allows for GDPR-friendly international data transfer to/from European companies.

  • We hire outside firms who use cutting-edge technologies to conduct regular penetration testing of our platform. These audits provide third-party validation of the security of your data.

  • We use advanced encryption in our databases, making it impossible for third parties to access consumer data even in the event of a breach.

  • We have processes in place for answering all data subject access requests that can arise under GDPR. We do this within a 20-day SLA that gives our clients extra time to respond to these requests.

The policies and practices we have in place around GDPR have been stress-tested by many of the world's largest and most privacy-conscious companies. Without exception, we have passed these rigorous InfoSec audits, underlining our foundational commitment to privacy and data protection.

For further information on Agent Connect's compliance with GDPR, contact privacy@medallia.com.