GDPR
On May 25, 2018, the EU General Data Protection Regulation (GDPR) will become effective bringing new global data protection rights for individuals in the European Union.
SessionStack supports the privacy rights of its customers and their users and is proactively working toward GDPR compliance by May 25, 2018.
Vendor Audit
We are reviewing all vendors who act as sub-processors for SessionStack data, auditing their approach to GDPR, entering into DPA's when necessary and switching providers in case they don't meet the requirements.
Product Roadmap
We're have already built and are currently building features that are needed for the GDPR:
- Ability to discard IP addresses and exclude them through our UI.
- Ability to delete an individual within our UI. Currently, you can reach us at [email protected] to delete specific users.
- Flexible monitoring mechanisms that give you control over the types of traffic and users that you want to be monitoring.
- Retroactive deletion of specific field captures.
What You Need to Do
It's crucial to note that SessionStack is acting both as a Data Controller and as a Data Processor within the realm of GDPR compliance:
- Data Controller - SessionStack is a controller with respect to the customers we're monitoring, interacting with any domain within our control (e.g. app.sessionstack.com).
- Processor - SessionStack is a processor with respect to the end users whose data SessionStack receives. The users of our customers.
As a customer of SessionStack, you are a data controller and SessionStack is acting as your data processor for your users. In this respect, you'll want to take the following steps:
- Ensure your Terms of Service and Privacy Policy are up to date with the GDPR requirements. If you're already using any other analytics tool such as Google Analytics, MixPanel, Intercom, or hundreds of others - you have likely already placed such a disclosure on your website. SessionStack collects the same type of data as those tools.
- Perform your own research, modelling, vendor audit, and strategy steps at your company to ensure you understand GDPR as it applies to your business.
Updated over 6 years ago