GDPR (General Data Protection Regulation) & Amelia

Last Modified August 29, 2018
Updated to reflect continued monitoring

Our Lawyers Are Making Us Say This: This microsite is neither legal advice for your company in complying with GDPR/other data privacy laws nor a magnum opus on EU/EEA data privacy. What we are providing is background information to help you better understand how Amelia has addressed some important legal points. This legal content is not the same as legal advice, where an admitted attorney applies the law to your specific circumstances, and you must consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In summary, you may not rely on this microsite as legal advice, nor as a recommendation of any particular legal understanding.


GDPR Basics

What is the GDPR?

The GDPR (General Data Protection Regulation) is a new EU Regulation that replaces the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations that collect or process personal data. It has been effective since 25 May 2018. The regulation builds on many of the 1995 Directive’s requirements for data privacy and security but includes several new provisions to bolster the rights of data subjects and add harsher penalties for violations.

The full text of the GDPR can be found here and a list of key GDPR terms you'll need to know can be found here.

What is the GDPR Changing?

The EU and EEA have had the DPD in force since 1995, and it has governed data protection in the EU for over twenty years. The GDPR replaces the DPD on 25 May 2018, but the DPD set out the eight data protection principles that have governed the treatment of personal data by organizations since 1995. Even though the GDPR supplants the DPD, Amelia recommends you familiarize yourself with the current laws before you dive into the changes under the GDPR. If you want to read more about the 1995 Directive and the eight original data protection principles, please visit our FAQ and Glossary page.

Does the GDPR apply to my company?

While the DPD governs entities within the EU, the territorial scope of the GDPR is far wider: it will also apply to non-EU businesses that (a) market their products to people in the EU or (b) monitor the behavior of people in the EU. This means that if you’re based outside of the EU but control or process the data of EU citizens, the GDPR will apply to you.

The Changes Within Amelia

Amelia is continually focused on data protection and security efforts, and our GDPR compliance is part of that. During the implementation period for the GDPR — as well as in the time after the effective date, as new changes and legislation become needed — we will continually evaluate and implement new requirements and restrictions imposed by the GDPR. If we change our Terms of Service or our Privacy Policies, you’ll be notified on the Amelia website, and we’ll also be updating this page and sharing content over the coming months.

Product Changes

Our technical and security teams have made, and continue to make, the changes to Amelia products necessary for GDPR compliance and to help you meet your obligations under the GDPR to the extent that you use Amelia products to collect and store EU personal data. If you are interested in updates or important information about changes to our products, we recommend keeping an eye on this page.

Our Legal Documentation

Amelia’s Legal team monitors our legal documentation (namely our Terms of Service, our Data Processing Agreement, and our Privacy Policy) so that it reflects any changes and includes the mandatory Data Processor provisions required by Article 28 of the GDPR. We'll keep you updated as these changes are implemented, and we'll also notify you on the relevant pages about such changes.

Data Transfers Outside the EU/EEA

Amelia Incorporated maintains a Privacy Shield certification with the U.S. Department of Commerce which ensures that adequate safeguards are in place when we transfer personal data from the EU (and Switzerland) to the US. References to our Privacy Shield certification are included in both our Terms of Service and in our Privacy Policy, as well as on our Data Transfers page. We also offer a Data Processing Agreement (including the EU-approved Model Clauses) to certain EU/EEA-based customers when needed. The good news is that the rules regarding transfers of personal data abroad don’t change under the GDPR, so we’ve already got you covered!

If you’re already an Amelia customer or partner, please contact your account manager if you have any further questions, comments, or suggestions. If you don’t yet have a business relationship with Amelia, please drop us a line via the contact us button in the right-hand corner of each page.