GDPR Compliance

What is GDPR?

The General Data Protection Regulation (GDPR) 2016/679 is one of the most powerful privacy protection laws, specifically enacted to protect European Union (EU) citizens’ data. GDPR essentially empowers EU citizens with control over their personal data.

Importantly, the GDPR applies to any company or person that processes or stores information about people who live in the European Union. In other words, your company does not need to be located in the EU to be subject to GDPR. It applies if you store data about any natural person in the EU.

The GDPR distinguishes between data 'controllers' and 'processors'. With respect to data about EU citizens, if your product or service captures and stores that data then you are likely the 'controller' of that data. You may also use other services — such as Kissmetrics — to further process and store that data. In such a case, Kissmetrics would be a 'processor' of that data.

As a controller of data, you are responsible to assure that processors of your data also meet requirements for GDPR and that those requirements are contractually obligated. Generally, this is accomplished with a data processing addendum or agreement.

Is Kissmetrics GDPR compliant?

Yes, as of March 31st, 2018 all products and services of Kissmetrics are GDPR compliant.

How can I request a user to be deleted?

You can go to the user's Person Details Page and select the "Delete Person" button in the top-right corner.

Where can I send GDPR requests not related to deletions?

For all other GDPR requests not related to deletion, please email us at [email protected].