GDPR Frequently Asked Questions

What is the GDPR?

The General Data Protection Regulation (GDPR) is a privacy law in the EU that came into effect on May 25, 2018. The GDPR regulates how organizations can collect, store, and transfer personal data of EU individuals.

Who does the GDPR apply to?

The GDPR applies to any organization that processes personal data of EU citizens, regardless of where your company is located.

When did the GDPR go into effect?

The GDPR was passed in April 2016, and went into effect May 25, 2018. Throughout that time, LivePerson actively prepared for the measures.

What’s under GDPR?

Enhanced data privacy rights for individuals (such as the right to access a copy of one’s personal data and to request its deletion), obligations for data management by businesses, and a regime of fines for organizations that do not comply with the law.

What steps does LivePerson take to protect personal data?

As a software-as-a-service (SaaS) provider, we offer a number of state-of-the-art data protection measures, including tokenization technology on payment card (PCI) forms, automated masking of chat transcripts, and optional AES encryption for data at rest. For more information on our security measures, please visit or review our security whitepaper. You can also view our privacy policy here.

What steps has LivePerson taken to comply with GDPR requirements?

We have added features and processes to help you comply with the GDPR’s requirements. Learn more about them in our GDPR whitepaper.

I’m a LivePerson customer. How do I get a Data Protection Agreement (DPA) or GDPR addendum in place with LivePerson?

LivePerson is committed to protecting personal data that we may handle as part of our processing operations. We offer an industry standard data protection agreement that customers may sign. For our US and Canada customers, our DPA is available here. For customers in all other countries, our DPA is available here.

I’m a LivePerson customer. How can you help me delete consumer data to comply with the GDPR’s right to be forgotten requirement?

LivePerson has designed several processes and tools to help you manage requests from data subjects for access to personal data and rectification, portability and deletion of personal data. For example, check out our data deletion API here.

Does EU data need to stay in the EU?

No. Although LivePerson generally stores personal data of EU consumers on our European servers, the GDPR allows personal data to be transferred outside of the EU if adequate data protection measures are in place. Any LivePerson transfer would be pursuant to a valid transfer mechanism that protects the data once it leaves the EEA, such as a Data Protection Agreement (DPA) including the standard contractual clauses approved by the European Commission.

How does LivePerson ensure its vendors comply with the GDPR?

As part of our GDPR compliance, LivePerson regularly reviews the privacy compliance of vendors that handle personal data on LivePerson’s behalf. We are also working to ensure that all contracts with vendors that process EU personal data are supplemented with our vendor GDPR addendum. You can find more information about the service providers we use to help deliver the best LiveEngage experience to you here.

I’m a LivePerson vendor. What do I need to do?

For LivePerson vendors that process EU personal data, please sign our GDPR addendum available here.

Who can I contact if I still have questions about data security or GDPR compliance?

Please contact your LivePerson account manager, who will be happy to help answer your questions, or contact us at

How do I contact LivePerson’s Data Protection Officer (DPO)?

Any inquiries or complaints regarding our data privacy practices may be directed to or to our external DPO Prof. Dr. Christoph Bauer at ePrivacy GmbH at Große Bleichen 21, 20354 Hamburg, Germany.

Who is LivePerson’s EU and UK Representative?

LivePerson’s EU Representative is its LivePerson Netherlands B.V. entity located at Herengracht 124, 1015BT Amsterdam, The Netherlands. Further, LivePerson’s UK Representative is its LivePerson (UK) Limited entity located at 16 Great Queen Street, London EC2B 5DG, United Kingdom.