background pattern

The General Data Protection Regulation (GDPR) of the European Union (EU) has been in the making for seven years. The regulation that creates a single data protection regime across all member states of the EU finally came into effect on 25 May.

It is still early days to say what the interpretation of the requirements will be, but it is clear that many companies are becoming more cautious about collecting and using their customers’ data.

What does that mean for you, if you want to use data to optimize and personalize your customer experiences?

A better alternative to dropping every data-driven technology on the planet is finding vendors that are able to support your considered approach to use data in compliance with the GDPR.

Besides collecting only limited amounts of personal data on your behalf, Optimizely has taken steps to safeguard this data. We have implemented leading security and compliance programs that go beyond what is required by the GDPR principles. This includes our certifications for SOC-2, ISO and PCI. Our certifications to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks help meet the legal requirements to transfer data outside the EU.

If you choose to reduce the amount of potential personal data stored with Optimizely even further, you can take advantage of our data minimization features such as IP anonymization or setting a limited cookie expiration time.

To enable you to fulfill requests from individuals to access or delete their personal data (subject access requests), we are providing you with a user interface to manually submit a request to Optimizely. If you prefer to automate the process we will grant you access to our application programming interface (API).

We also offer GDPR-ready data processing agreements (DPA) to our customers and have appointed a Data Protection Officer (DPO) to oversee our privacy program and all GDPR efforts.

Please consult our GDPR vendor checklist for more details on the articles of the GDPR that relate to optimization, personalization and experimentation. The list also explains how Optimizely is addressing the requirements.

Taking these into consideration, you can ready yourself to use data in compliance with the GDPR to keep providing digital experiences that delight your customers.