Frequently Asked Questions

Expand All

What is the GDPR?

The General Data Protection Regulation (GDPR) is a new privacy law in the EU that comes into effect on May 25, 2018. The GDPR regulates how organizations can collect, store, and transfer personal data of EU individuals.

Who does the GDPR apply to?

The GDPR applies to any organization that processes personal data of EU citizens, regardless of where your company is located.

When does the GDPR go into effect?

The GDPR was passed in April 2016, and goes into effect May 25, 2018. Throughout that time, LivePerson has been actively preparing for the new measures.

What’s new under GDPR?

Enhanced data privacy rights for individuals (such as the right to access a copy of one’s personal data and to request its deletion), obligations for data management by businesses, and a new regime of fines for organizations that do not comply with the law.

What steps does LivePerson already take to protect personal data?

As a software-as-a-service (SaaS) provider, we already offer a number of state-of-the-art data protection measures, including tokenization technology on payment card (PCI) forms, automated masking of chat transcripts, and optional AES encryption for data at rest. For more information on our security measures, please visit www.liveperson.com/security or review our security whitepaper. You can also view our privacy policy here.

What steps has LivePerson taken to comply with new GDPR requirements?

We have added new features and processes to help you comply with the GDPR’s requirements. Learn more about them in our GDPR whitepaper.

I’m a LivePerson customer. How do I get a data processing agreement (DPA) or GDPR addendum in place with LivePerson?

LivePerson is committed to protecting personal data that we may handle as part of our processing operations. We offer an industry standard data protection agreement that customers may sign. For our US and Canada customers, our DPA is available here. For customers in all other countries, our DPA is available here.

I’m a LivePerson customer. How can you help me delete consumer data to comply with the GDPR’s right to be forgotten requirement?

LivePerson has designed several processes and tools to help you manage requests from data subjects for access to personal data and rectification, portability and deletion of personal data. For example, check out our data deletion API here.

Does EU data need to stay in the EU?

No. Although LivePerson generally stores personal data of EU consumers on our European servers, the GDPR allows personal data to be transferred outside of the EU if adequate data protection measures are in place. Any LivePerson transfer would be pursuant to a valid transfer mechanism that protects the data once it leaves the EEA, such as a data processing addendum (DPA) and the EU-U.S. and Swiss-U.S. Privacy Shield Certifications.

How does LivePerson ensure its vendors comply with the GDPR?

As part of our Privacy Shield compliance and GDPR readiness program, LivePerson regularly reviews the privacy compliance of vendors that handle personal data on LivePerson’s behalf. We are also working to ensure that all contracts with vendors that process EU personal data are supplemented with our vendor GDPR addendum.

I’m a LivePerson vendor. What do I need to do?

For LivePerson vendors that process EU personal data, please sign our GDPR addendum available here.

Who can I contact if I still have questions about data security or GDPR compliance?

Please contact your LivePerson account manager, who will be happy to help answer your questions, or contact us at privacy@liveperson.com.