GDPR news for Corevist clients
The European Union’s GDPR (General Data Protection Regulation) will go into effect on May 25, 2018. All companies that process the data of EU citizens must comply with the regulation or potentially face stiff penalties. This is true even when that processing happens outside the EU.
For Corevist clients, it’s imperative to understand how GDPR affects your business. Corevist recognizes its role as a critical processor in your eCommerce stack and is committed to meeting the GDPR compliance requirements accordingly.
In this post, we’ll discuss GDPR compliance at Corevist and give you a timeline for our portion of your GDPR compliance.
NOTE: This post is the first in an ongoing series on GDPR. Please subscribe to the blog to make sure you get every article on this critical topic.
First off, please take 30 seconds to answer this 2-second survey on your GDPR compliance. This is a crucial step in helping us to better serve you in this area.
Corevist’s GDPR commitment
At Corevist, we take full ownership of the portion of your eCommerce stack that is outsourced to us. We are 100% committed to full compliance as a critical processor. In the case of clients who have unique or custom functionality that deviates from our core product, we are 100% committed to ensuring the compliance of that custom functionality as well.
Corevist’s GDPR timeline
At Corevist, we have been hard at work researching GDPR and the ways in which it will affect the Corevist Commerce stack. We want to ensure that our role as a processor is GDPR-compliant. We’ve established the timeline below to ensure that we cover our responsibilities before the deadline of May 25, 2018. (However, note that there are many pieces to our clients’ GDPR compliance which we’re not involved in. It remains our clients’ responsibility, as the data controller, to ensure their total GDPR compliance.)
- February 15, 2018: Corevist internal research is complete. We have a full picture of our responsibilities as a processor for our clients and how that will affect GDPR compliance.
- March 1, 2018: We present a roadmap to each client to support their GDPR compliance initiatives as one of their critical data processors. Compliance may require customization.
- April 1, 2018: Work begins on client-specific GDPR compliance customization.
- May 15, 2018: Client-specific GDPR customization projects are complete, and Corevist has covered its portion of GDPR compliance responsibility as a critical processor.
This is the timeline which we are offering to our clients, and to which we will hold ourselves accountable. Any clients who want to accelerate their timelines should contact us immediately.
Understanding GDPR penalties
Along with its data protection regulations, GDPR establishes 2 levels of violation. Each level has its own threshold:
- Level 1: up to €10 million or 2% of worldwide annual revenue, whichever is higher.
- Level 2: up to €20 million or 4% of worldwide annual revenue, whichever is higher.
It’s important to note that the amount of any fine levied against a company in violation depends on many factors. These figures are simply the upper limit of what the law allows.
Corevist marketing: Fully GDPR compliant
It’s important to note that Corevist Commerce isn’t the only aspect of our business that falls under GDPR regulation. Our marketing program collects the contact information of individuals who are looking for SAP ecommerce solutions for their companies. We are happy to announce that our marketing efforts, including our CRM and marketing automation programs, are already fully GDPR-compliant.
Moving forward: Stay up to date with GDPR
As trusted advisors in your SAP B2B ecommerce operation, we are fully committed to our GDPR compliance. We want to pass on our knowledge to you. For more information, please subscribe to the Corevist blog. We’ll share best practices for SAP ecommerce, including GDPR compliance.