From our first ISO 27001 certification in 2015 to the many Outreach features that help our customers meet their GDPR obligations, Outreach has your back! This article outlines the key principles and Outreach’s recommendations to help you meet your GDPR obligations. You can visit our GDPR page and FAQ for more details on our recommendations for customers and what Outreach has done to comply with GDPR.
The information contained in this article and on our website does not provide legal advice and should not be used as such. We recommend you consult with the appropriate legal counsel for that purpose.
What is the GDPR?
GDPR is a new set of data privacy regulations designed to harmonize various data privacy laws across the EU to create a common set of regulations for protecting EU residents’ personal data. GDPR applies not only to companies that process the personal data of protected individuals and have a presence in the EU (e.g. offices or establishments), but also to companies that do not have any presence in the EU but target the European market. Customers, including non-EU based customers, should carefully assess whether they are subject to the GDPR. If your company determines that you are subject to GDPR, Outreach will provide you with our latest Data Processing Agreement (DPA) to satisfy the contractual requirements of GDPR.
Outreach Security & Feature Updates for GDPR
A core component of GDPR is ensuring that your data processors, i.e. Outreach, implement security best practices for safeguarding personal data. Outreach already has a number of these security and privacy mechanisms in place. In addition, we have updated the Outreach platform to help you meet your GDPR obligations.
Key highlights include:
- Compliance with key industry standards: ISO 27001 and U.S.-EU Privacy Shield framework
- Built-in support for encryption (in-transit and at-rest)
- Ongoing penetration testing through our bug bounty program
- Product features to control access to data on the Outreach platform, including Governance and SSO
- Product features to support data subject requests, including selective CSV Export and Prospect data deletion
- From a marketing perspective, Outreach ensures that all EU users have opted-in to receive any correspondence from us and that they have the ability to delete their information at any time.
Data Controller vs. Data Processor Responsibilities:
Finally, your company acts as the Data Controller of all data sent to Outreach for processing. Outreach is most likely just one of your Data Processors. In addition to the built-in capabilities mentioned above, we have developed procedures to assist you in your Data Controller obligations regarding the handling of personal data.
Please visit our GDPR page and FAQ for more details on our recommendations for customers and what Outreach has done to comply with GDPR.