Exponea becomes the first GDPR-certified SaaS company in the world

Global software firm announces it has achieved independent certification from external auditor LL-C Certification for the General Data Protection Regulation (GDPR), which comes into force on May 25th 2018

by News Reporter on 24 April 2018 07:39


Exponea, one of the world’s fastest growing software as a service (SaaS) Experience Cloud companies, has announced it has been certified as compliant with the incoming General Data Protection Regulation (GDPR). The company chose independent auditing company LL-C to conduct the certification.

LL-C Certification previously certified Exponea to ISO 27001 and ISO 9001 standards in 2017. The certification enables all Exponea customers to use the platform, safe in the knowledge that its omnichannel communications capabilities remain in full compliance with the European Union’s strict data protection regulations, which come into force on 25th May 2018.

The certification process, which was completed in March 2018, included complete auditing of documentation, assessment of anonymised data, security standards, software architecture, disaster recovery and business operations.

Exponea believes that working with GDPR-certified providers will now become mandatory for organisations which operate with an e-commerce business model, particularly because of severe financial penalties for those who fail to adhere to the regulations. It is important to note that the certification process has not yet been accredited. However, the certification standard (ISO 17065) is specified in GDPR as one of two options for certification. Data Protection Authorities in all EU member states are expected to harmonise the accreditation system with this standard.

In an article published by The Commentator today, Peter Irikovsky, CEO of Exponea, warns that certification is the only way to navigate the GDPR 'minefield' of complex legislation.

Commenting on the news that the company is now officially certified, he said, “The implementation of the GDPR will send shockwaves through the ecommerce industry, with many companies quickly discovering they are in breach of the strict compliance rules and potentially facing significant fines.

“As a provider of software as a service, we believe independent accreditation is the only way to ensure customers are certain they are operating within the rules of this incoming data protection legislation. This new standard will set the benchmark for companies seeking to deliver compliant customer communications, protecting consumers and companies from data security and privacy risks, as well as penalties.

“I recently had 1:1 conversations with a few CMOs of some of the biggest SaaS companies in the world and was shocked that they admit GDPR is handled primarily by marketing and legal teams. Knowing how difficult it is to comply with Privacy by Design, I’d urge businesses to do an in-depth verification that GDPR is a priority of their vendors, otherwise they face significant risk in case of audit, or even worse, data privacy breach”.
