On May 25, 2018, the EU General Data Protection Regulation (GDPR) will become effective, bringing new global data protection rights for individuals in the European Union.
SessionStack supports the privacy rights of its customers and their users and is proactively working toward GDPR compliance by May 25, 2018.
We are reviewing all vendors who act as sub-processors for SessionStack data, auditing their approach to GDPR, entering into DPAs when necessary and switching providers in case they don't meet the requirements.
We have already built features that are needed for the GDPR:
- Ability to discard IP addresses and exclude them through our UI.
- Ability to delete an individual within our UI. Currently, you can reach us at email@example.com to delete specific users.
- Retroactive deletion of specific field captures.
- Flexible monitoring mechanisms that give you control over the types of traffic and users that you want to monitor. You can configure SessionStack not to collect IP addresses, geolocation, crashes, debug data, network data, HTML/textual information and anything that may contain personal data.
- Opt-out for end users.
It's crucial to note that SessionStack is acting both as a Data Controller and as a Data Processor within the realm of GDPR compliance:
- Data Controller - SessionStack is a controller with respect to the customers we're monitoring as they interact with any domain within our control (e.g. app.sessionstack.com).
- Processor - SessionStack is a processor with respect to the end users whose data SessionStack receives, that is, the users of our customers.
As a customer of SessionStack, you are a data controller and SessionStack is acting as your data processor for your users. In this respect, you'll want to take the following steps:
- Perform your own research, modelling, vendor audit, and strategy steps at your company to ensure you understand GDPR as it applies to your business.