Data protection is of paramount importance to all of us at Exponea, and we want our clients to know that their data, as well as their customers’ data, is completely secure in Exponea.
To set the bar as high as possible, the first step toward this goal is full GDPR compliance.
Over the past several months we’ve undergone a series of successful audits, starting with ISO certifications (9001, 27001, 27017 & 27018) and culminating in a GDPR compliance certification by the international certification authority LL-C, making Exponea the first SaaS company in the world to be GDPR certified.
We don’t take our commitments lightly, and one of our quarterly objectives for Q2 2018 is to prepare a rigorous personal GDPR certification program with a minimum passing score of 90%.
The first version of our internal certification, which was co-authored by Exponea’s DPO, Lenka Gondova, ensures that everyone who passes it will have a strong grasp of GDPR fundamentals and will adhere to security standards when operating with data or advising our clients.
During the first round of testing, the following Exponeans passed!
To give you a better idea of the areas that were tested, here are 3 sample questions out of 45:
- Is it good practice to use raw email as a unique identifier?
- Is it compliant to send a non-personalized (general offer, sale) email to a past customer (one who made a purchase) without gaining additional consent before/after the purchase?
- Can you track basic events (session_start, page_visit) even after cookie/tracking consent is rejected?
Our plan is to streamline and extend the personal certification process so that we can offer it to our clients and help them educate their employees and ensure that they have a strong fundamental knowledge of GDPR in both its theoretical and practical aspects.
GDPR is just our starting line and we aim to go well beyond what’s required: