
Medallia & GDPR
Ensure data privacy, security and accuracy across your CX programs
The European Union’s General Data Protection Regulation (GDPR), which becomes effective in May 2018, requires companies to be accountable for how they use, manage and maintain the personal data of their customers and employees.
WEBINAR
Effective Survey Programs Under GDPR
Learn about your options for selecting a legal basis for processing personal data in your CX program under the upcoming General Data Protection Regulation (GDPR).
Setting the bar for CX data protection
We provide our clients with enterprise-grade controls to manage, govern access and ensure security of personal data housed in Medallia Experience Cloud.

Personal data privacy
All personal data or personally identifiable information (PII) in Medallia Experience Cloud can be cataloged and masked so that it is only viewable through specified access rights. With this feature, customers can be assured that personal data or PII can be viewed only by those staff or markets who have a need to know. This allows customers to retain data in Medallia Experience Cloud over time so that they can realize the power of Medallia’s reporting platform.

Full service data management
Medallia Experience Cloud automates GDPR-compliant deletion of customer or employee data for customers who receive “right to be forgotten” requests. Medallia’s reporting application also provides flexible options for data export and modification that comply with GDPR.

Compliance reporting
Medallia provides reports to substantiate data deletion compliance. Our aim is to automate and ease the burden of GDPR compliance verification, assuring our clients’ legal and compliance departments that we’re a safe place to store data.

Data retention
Medallia purges personal data from internal processing systems to minimize the data we retain per GDPR Article 5. Our reporting system retains customer data until our clients delete it or end their relationship with Medallia Experience Cloud.
Additional Ways We Support Data Privacy
Certified security
Medallia has implemented extensive security programs for protecting our clients’ data, including ISO 27001, SOC 2, ISAE 3000 security certifications and FedRAMP Ready.
Data protection
Medallia Experience Cloud supports industry standards such as OAuth 2.0 for authentication to APIs. Information exchanged over the wire is encrypted with TLS for all services (HTTPS, SFTP).
Data access controls
Medallia supports Single Sign-On (SSO) using SAML 2.0. Medallia also supports two-factor authentication, using Time-based One-Time Password (TOTP) as the second authentication factor.
GDPR DPA
Medallia offers a data processing agreement (DPA) that includes the European Commission's model clauses, with updates to specifically address GDPR requirements. To obtain a copy, contact your Medallia engagement representative.
Privacy Shield
Medallia is certified under the Privacy Shield with respect to the data of European and Swiss individuals that it receives in its SaaS platforms.
Opt-Out
Medallia provides opt-out links in its email survey invitations, and we honor SMS requests to stop communications. These prevent additional survey requests to our clients’ customers who do not want further communications.
Got questions on GDPR?
Medallia can provide our clients with support for inquiries or assessments that their internal privacy office or external auditors may conduct. Don’t hesitate to contact your engagement manager to find out more about how we’re helping keep your data private, accurate and secure.