en DE RU
Request Demo
Bloomreach Acquires Exponea. Learn more

Table of Contents
    Listen this article on:

    Exponea Becomes the First SaaS Company to Get GDPR Certified by LL‑C

    Apr 25, 2018 Zuzana Tomascikova 2 min read

    Exponea, AI-enabled marketing automation platform, enhancing data analytics for e-commerce clients like Misguided, became European pioneer in GDPR certification issued by LL-C.

    In the wake of data privacy scandals, toppled by the recent ICO fines to Flybe and Honda for sending unwanted emails ill-prepared for GDPR, an independent audit of companies controlling and processing data could be not just a good idea, but a necessity. With 33% of global businesses still unready for the looming legislation, valid GDPR certifications could see a surge of interest especially in E-commerce due to the nature of their business and possible risks to their reputation.

    GDPR is a legislation with teeth and has an impact on all companies that control and process data. According to GDPR, data controllers (like E-commerce) are responsible to pick a secure data processor (SaaS/marketing cloud), whom they pass the data for further profiling.

    That is why data processors like Exponea, an advanced data management platform empowering E-commerce, got audited by LL-C – an independent organisation that proved its competence by international standards and operates in 55 countries.

    There are many certification schemes that offer assurance. However, none is specified in the GDPR like the system of product certification according to Regulation (EC) No 765/2008. This is what makes the GDPR certification unique.

    “To audit Exponea, LL-C followed the same product certification procedures applied to the issuance of the accredited ISO/IEC 17065/2012 certification,” explained Lenka Gondova, who consulted Exponea in its preparation for GDPR as its DPO. “Exponea then followed the mechanisms of getting a certification defined in the GDPR legislation,” she added.

    • The GDPR certification is valid for three years with an annual surveillance audit.
    • The main risks linked to the new data subject rights spin around unclear permissions to collect and process personally identifiable information (PII), and gray areas in the legislation when data processing can be justified on the basis of legitimate interest without a previous consent.
    • The biggest challenge for a data processor like Exponea is to be technically able to handle any request from its end customer prescribed by GDPR data subject rights – whether it is data deletion, anonymisation, data download or objection to customer data processing.

    All the GDPR work does not end with May 25th – it is an ongoing process. There will be new explanations by authorities, first warnings, reprimands and fines. Even certified companies will need to stay up to date.

    Read GDPR e-book

    Watch Exponea demo video!
    Explore the Customer Data & Experience Platform B2C Leaders Love to Use

    MISSGUIDED Victoria Beckham Desigual
    ebuyer River Island

    We rely on cookies

    to optimize our communication and to enhance your customer experience. By clicking on the Accept and Close button, you agree to the collection of cookies. You can also adjust your preferences by clicking on Manage Preferences. For more information please see our Privacy policy.

    Manage cookies
    Accept & close

    Cookies preferences

    Accept & close
    We use cookies to optimize our communication and to enhance your customer experience. We also share information about how you use our website with our third parties including social plugins and analytics. You consent to our use of cookies if you continue to browse our website. You can opt out of our cookie use on the Do not Sell my Personal Information page. For more information please see our Privacy Policy.