Frequently Asked Questions on GDPR + Unbounce

This page isn’t the be-all-and-end-all on EU data privacy, nor should you consider it legal advice. This is meant to provide background information and help you better understand Unbounce’s strategy to comply with the GDPR.

More Resources

  • Official Publications Office of the European Union
  • Data Protection Reform infographic
  • An overview of the General Data Protection Regulation
  • Reform of EU data protection rules
  • Data transfers outside the EU
  • Check out our Security page

“More than 90% of Europeans say they want the same data protection rights across the EU – and regardless of where their data is processed.”

What is the GDPR?
The General Data Protection Regulation (GDPR) is the most comprehensive update to the European Union’s data privacy regime since 1995, replacing the Data Protection Directive, and implementing a single regulatory system for all EU Member States. This means that there will be new rules to follow when it comes to collecting, tracking, or handling EU-based prospects’ and customers’ personal data.  
What are the key changes brought by GDPR?
  • Harsher penalties
    Organizations that violate the GDPR can be fined up to 4% of their annual global turnover or €20 million (whichever is greater).
  • Extended user consent
    Consent must be given in an easily understandable way, and it must be as easy for people to withdraw consent as it is to give it.
  • Right to access
    The right for people to seek confirmation as to whether or not their data is being processed, where, and for what purpose.
  • Data portability
    The right for a person to transmit their data to another data controller (such as another business).
  • Breach notification
    Companies must notify their national Data Protection Authorities wherever a data breach is likely to “result in a risk for the rights and freedoms of individuals,” and they must do this within 72 hours of becoming aware of the breach.
  • Privacy by design
    Businesses that handle EU data must only collect information from people when it’s absolutely necessary, must integrate technical safeguards, and must limit third parties’ access to personal data in their data processing.
  • Right to be forgotten
    People are entitled to have their personal data erased if they withdraw consent, or if their data is no longer relevant to the original purposes for which it was collected.
  • Territorial scope
    The GDPR applies to all companies that control and process EU data, regardless of their physical location.
Does the GDPR affect me?
If you have customers in the EU, plan to have customers in the EU, or process EU personal data, the GDPR may apply to you. 
What will the GDPR change for data security?
Quite a few things, from higher standards for protecting sensitive data, to harsher penalties for breaking the rules. For more information, check out our GDPR page!
What do I need to do to become GDPR compliant?
There may be a few things you need to do to ensure you comply with the GDPR. We recommend you check out the official EDPS (European Data Protection Supervisor) website, which provides a comprehensive overview of the GDPR and steps you need to take to become GDPR compliant.
If Unbounce is GDPR compliant, does this also mean that my business is GDPR compliant because we are an Unbounce client?
At Unbounce, all the data you collect on your Unbounce landing pages, sticky bars and popups will be GDPR compliant by May 25, 2018. However, we cannot confirm that the data collected and processed outside of our platform is GDPR compliant.

We strongly recommend that you seek further information from your legal counsel or your country's data supervisory authority to ensure you understand what steps you need to take (if any) to become fully GDPR compliant.

Are all of Unbounce’s integration partners GDPR compliant? Or will they be by the due date?
We are pleased to confirm that a number of our integration partners are taking proactive steps to become GDPR compliant by May 25, 2018. With this in mind, however, we strongly recommend that you reach out directly to each of the integration partners you are using to confirm they are GDPR compliant, as Unbounce is not liable for the GDPR compliance of any third party to which you choose to send personal data.
When will Unbounce be GDPR compliant?
Unbounce takes data privacy and security very seriously; we are taking proactive steps to become fully GDPR compliant by the deadline of May 25, 2018.
What steps is Unbounce currently taking to become GDPR compliant?
Unbounce is currently taking the following steps to become GDPR compliant:
  • Evaluating our technical and organizational measures to protect personal data, and updating security processes where needed;
  • Storing customer lead data in the European Union (EU);
  • Signing Data Processing Addenda (DPAs) with our customers (available now upon request, in both English and German);
  • Evaluating our third-party processors/sub-processors for GDPR compliance, and signing DPAs with them;
  • Ensuring detailed records of data processing;
  • Improving our lead deletion system in order to comply more easily with data subject access requests; and
  • Appointing a Data Protection Officer before May 25, 2018.
Will the GDPR affect my ability to collect lead data and/or information valuable to my business?
No, as long as you do so in a manner that is compliant with the GDPR. For further details, we recommend that you refer to the EDPS (European Data Protection Supervisor) website.
Where does Unbounce store its data?
At present, Unbounce stores lead data in its AWS data centers in the United States (US). However, by May 2018, we will be storing customer lead data in the European Union (EU).
What data is Unbounce collecting from landing page visitors besides their IP?
In addition to IP address, Unbounce may collect the date and time visitors land on your pages, browser signatures, operating system, and device type. For more information on the types of data we collect and how we may use the data, please see our Privacy Policy.
Will businesses that are not based in the EU need to be GDPR compliant?
Any business that collects, processes or handles data from the EU will likely need to comply with the GDPR regardless of whether they are physically located within the EU. This said, we are not able to provide legal advice and highly recommend that you refer to your legal counsel or an applicable data supervisory authority for full details on whether you will need to comply with the GDPR.
How will the GDPR impact UK-based businesses?
Until March of 2019, the UK remains an EU member state, so GDPR compliance applies to businesses based in the UK, or those collecting and processing data from the UK.