The GDPR and Corevist
The GDPR is now law, both in the EU and for companies outside the EU that handle the data of EU residents. Months of preparation are over. For the Corevist team and our clients, we have good news—Corevist is fully GDPR compliant.
But what does that mean? What have we done at Corevist to ensure our GDPR compliance?
The GDPR affects Corevist in two main areas: our product and its use by our clients, and our marketing endeavors. Here’s a high-level overview of what we’ve done in each area to meet the requirements of the GDPR.
Corevist Commerce is Fully GDPR Compliant
As we’ve explained in a previous post, Corevist functions as a data processor, not a data controller. Corevist’s clients maintain ownership and control over the personal data that is generated under our ecommerce services.
Consequently, our GDPR compliance requires clear language in our contracts with clients regarding how we function as a data processor. To achieve compliance on our part, we shared a Data Processing Addendum (DPA) with both our clients (the controllers) and our subprocessors for them to sign before GDPR went into effect.
Corevist Marketing is GDPR Compliant
Corevist’s marketing endeavors also fall under the GDPR. We collect personally identifiable information from decision-makers at B2B companies who are seeking an SAP ecommerce solution. That data collection and retention falls under GDPR when the individual is a resident of the EU.
We’re happy to announce that Corevist’s marketing initiatives are fully GDPR-compliant. Here’s what we’ve done to ensure compliance in our marketing department:
- Communicated this update to all contacts in our CRM system.
- Implemented a checkbox on all contact forms, with clear indication that we will use contact information for marketing purposes, so that we have informed consent.
- Updated our CRM systems to capture and record informed consent.
If you have any questions about Corevist’s GDPR compliance, please contact us. We’ll be happy to answer your questions.