Our Data Processing Amendment (DPA) for customers is available by reaching out to your account manager or firstname.lastname@example.org.
The General Data Protection Regulation, or “GDPR”, is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. The GDPR is a comprehensive privacy regulation that sets forth the rules for processing the personal data of individuals in the EU (“data subjects”) and the rights of data subjects with respect to their personal data. The GDPR becomes effective on May 25, 2018.
Any information relating to an identified or identifiable natural person in the EU is considered personal data under GDPR. An identifiable person is one who can be identified directly or indirectly, particularly by reference to an identifier such as name, email address, identification number, or location, as well as online identifiers such as IP address.
GDPR applies to both data controllers and processors. A data controller is the party that collects personal data from the data subject for a stated purpose and with the data subject’s consent. A data processor provides services to the controller according to the controller’s instructions.
First, organizations subject to GDPR need to determine the way(s) in which GDPR applies to them (e.g., whether the organization is a controller and/or a processor). Second, if GDPR applies, organizations need to review their products, services, systems, practices, policies, and procedures to ensure that they comply with applicable GDPR requirements, including the ability to comply with enhanced data subject rights under the GDPR.
We have undertaken the following actions in connection with GDPR compliance:
- Modifying our products to reduce collection of personal data and ensure compliance with GDPR requirements for processing personal data.
- Making sure our data deletion practices comply with GDPR’s right to erasure requirement.
- Providing a simple means of deleting, modifying, and exporting the personal data of data subjects for our customers using Audience and Gallery.
- Updating product design policies to ensure our engineers are building products with privacy principles in mind.
- Updating our privacy policies to keep our website visitors and customers informed of how we may collect and use their information.
- Entering into Data Processing Amendments with current customers and vendors to reflect the parties’ GDPR security obligations and privacy requirements.
- Reviewing our marketing practices to ensure we are communicating with prospects and customers in a manner that respects their rights under GDPR.
- Reviewing our security practices to ensure that the personal data we process on behalf of our customers, through their use of our services, is adequately protected.
- Certifying to Privacy Shield, as a reflection of our commitment to our customers, that we maintain adequate safeguards for transfer of personal data from the EU to the US.
Finally, while GDPR has driven our evaluation and enhancements, the EU’s ePrivacy Regulation is still being finalized, so further updates and changes may be made to ensure continued compliance with privacy regulations that apply to Brightcove’s provision of services and marketing practices.