The EU General Data Protection Regulation (GDPR)

The GDPR is important new legislation that is designed to strengthen and unify data protection for all individuals within the European Union. The regulation will become effective and enforceable on May 25th, 2018. Improvely is fully committed to helping its customers comply with the GDPR.

What is GDPR?

In 2016, the European Commission approved the new General Data Protection Regulation (GDPR). GDPR regulates the processing of personal data about individuals in the European Union, including how that data is collected, stored, transferred and used. The concept of "personal data" is defined very broadly, and covers any information relating to an identified or identifiable individual — anything from their name and email to potentially their online IP address.

GDPR gives people more rights and control over their data, including the right to be forgotten or the right to request a copy of any personal data you have collected about them. GDPR also requires organizations to implement appropriate policies and security controls to protect personal data, keep detailed records on data activities, and enter into written agreements with vendors that process personal data on their behalf.

Why is GDPR important to me?

GDPR applies to any organization that processes personal data of individuals in the European Union, including tracking their activities online. If your website accepts visitors or customers from the European Union, you are most likely impacted by this law. Under the GDPR, authorities can fine organizations up to €20 million or 4% of the company's global revenue, so the stakes for compliance are high.

Does GDPR require that my information be stored in the EU?

No. A company is allowed to transfer personal data outside of the EU provided that it puts in place a mechanism, approved under GDPR, to make sure that personal data is adequately protected even when it is transferred outside of the EU. We are certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks to satisfy this requirement, and also offer a Data Processing Addendum (DPA) to customers that require it.

What is Improvely doing to comply with GDPR?

We have made changes

We have reviewed our internal policies, IT infrastructure and vendor agreements to ensure compliance with new requirements. We've also updated our legal documents including the Terms of Service, Privacy Policy and Data Processing Addendum to make any changes needed in advance of the GDPR.

We are addressing EU-US data transfers

As our servers are located in the United States, we have certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, a mechanism that had been approved for cross-border transfer of personal data under the Data Protection Directive and is expected to apply under GDPR as well.

We have implemented new features

As a Data Controller, you may need to respond to requests from users to receive a copy of their personal data, amend that data, delete that data, or stop processing their data. We will work with you to respond to these requests within the required time frames.

We have added new features to your People Explorer tool to help you locate all the data you have collected about a person, export all of that data on request, or delete it all easily.

You can offer the option for your visitors to opt out of Improvely's tracking by linking to the Improvely Opt-Out page, and we recommend including this in your Privacy Policy.

What do Improvely customers need to do?

As a user of Improvely, you should:

  • Review the GDPR yourself to ensure your organization meets all requirements.
  • Make sure your Terms of Service and Privacy Policy properly communicate to your users how you are using Improvely (and other analytics services) on your website. You should make clear what data you are collecting and how you use it, and obtain any consents necessary. This requirement is already part of Improvely's Terms of Service, but with the GDPR coming into effect, it's even more important you ensure your policies are up to date and clear to your visitors.
  • If you are in the European Union, you may want to sign a Data Processing Addendum with Improvely to make clear our respective obligations under the GDPR. We're happy to do so, and you may request a copy of this agreement by contacting us through your account or by emailing us at

I'm new to the GDPR and would like to learn more

Here are some resources we think you may find useful: