May 1, 2018 - GDPR Compliance at SocialChorus

This is an archived copy of an email sent to customers Tuesday May 1, 2018.

For details on current functionality, please refer to the Knowledge Base article Export or Forget a User's Data - GDPR Compliance.

---

We want to thank you for trusting us with your data. As an industry leader we will continuously work to improve our relationships with our customers, which is why we are sharing an important update about the improvements we are making to protect our customers and their data. You may have already seen an update from many of your favorite apps regarding the new data protection regulations that are coming into effect.

As you may know, May 25, 2018 is the deadline by which organizations must comply with the new General Data Protection Regulation (GDPR). GDPR is a new European Union privacy law and will affect all companies processing data from EU citizens. Preparing for GDPR is a priority for many of our customers, and we’ve made it our priority, too.

With these changes, you’ll have:

• More control over your users’ information
• Simpler messaging around how your data is used
• Terms of Service and Privacy Policy streamlined with your company's existing policies

What You Need to Do

• Update your Program's Terms of Service and Privacy Policy
• Talk with your Engagement Manager if you are unsure about compliance requirements
• Reach out to our Support Team at support@socialchorus.com with any questions or concerns about changing functionality, new features, and data

GDPR Compliance with SocialChorus Webinar

We held a webinar on May 15 at 9 am PST to discuss an overview of the requirements under the GDPR, as well as the steps SocialChorus we've taken and the new capabilities we built to address these requirements. We had experts from our Product and Security teams in attendance who answered questions customers had about these changes.

If you missed our webinar, you can watch the recording and review the slides presented here. 

New Product Features to Support Compliance

For any of our customers who must be in compliance with GDPR, we're providing the following new data privacy features as part of our overall GDPR compliance solution. These features will be enabled for GDPR-compliant programs by May 25, 2018.

• Right to be forgotten: Users will be able to reach out directly through the platform to request removal of their data, and Program Managers will be able to remove a user’s data directly through Studio.
  
  
• Data portability: Users will be able to request a copy of their data directly through the platform, and Program Managers will be able to export a user’s data directly from Studio.

These features are only required for companies who have employees in the EU. If you do not have employees located in the EU, you still have the option to enable these features for your program but are not required to do so.

Social Sharing Modification

We are modifying the way we interact with social platforms on the Web Experience to support compliance with the GDPR. You will receive a separate message detailing these changes within the coming weeks via email and SC Guide (SC Guide is no longer in use, join COMMunity to receive important product announcements).

Action Required: Your Platform Privacy Policy and Terms of Service

Our Engagement Managers have reached out regarding our support of the platform Privacy Policy and Terms of Service. As mentioned, SocialChorus will no longer provide default Terms of Service and Privacy Policy starting May 25, 2018.

Please work with your legal team to create updated Terms of Service and Privacy Policy that are GDPR-compliant and meet your company’s legal requirements before the May 25 deadline. Contact your Engagement Manager with any questions or concerns.

Our Commitment to Data Protection

We’re committed to ensuring your company and employee data is secure, and we’ve implemented technical and contractual mechanisms to support compliance.

• Security Certifications and Infrastructure: SocialChorus has invested in its security infrastructure and processes to meet GDPR requirements and industry best practices. Our security controls include data encryption, threat detection, data backup, and more. We’ve implemented a thorough incident response process and will continue to offer contractual guarantees for security incident notification.
  
  
• EU Model Clauses and Data Protection Addendums: To ensure that our customers can lawfully transfer personal data to SocialChorus from outside of the European Economic Area, we provide adequate protection through a series of intercompany agreements based on the Standard Contractual Clauses authorized under EU law. Please contact your Engagement Manager if your legal team would like to execute Standard Contractual Clauses and/or a Data Protection Addendum with SocialChorus.

Marketing Re-Opt In Reminder

For customers in the EU or UK, be on the lookout for an email from our marketing team asking you to re-opt in to receive marketing emails. Marketing emails include a company newsletter, invitations to live events such as FutureComms, webinars, new content, and more. You can also update your email preferences here.