Episerver Raises Bar for GDPR Compliance and Data Best Practices

Episerver, the company transforming digital experiences, today declared its preparation for the European Union’s (EU) fast-approaching General Data Protection Regulation (GDPR) deadline, set to go into the enforcement phase on May 25, 2018 and clarified its position on the benefits of the new regulation for organizations’ reputation and revenue.

Episerver prioritizes the transparency of the data it collects to fuel relevant experiences and has taken many steps to safeguard personal information. As part of its security compliance framework, Episerver has established ISO 27001 compliance, Privacy Shield certification, the Episerver Trust Center, and industry-leading data processing agreements and processes. By deploying Episerver's fully managed cloud service, customers can reach GDPR compliance faster and more seamlessly adapt to its standards. The ramifications for failing to comply are substantial: organizations risk fines of €20 million or 4 percent of their annual global revenue and the gradual alienation of customers who expect transparency around how their personal information is collected and used and by whom.  

“Episerver has upheld the highest standards in data privacy from its inception, and we continue to steer our vision and stake our success to that approach,” said James Norwood, CMO and executive vice president strategy at Episerver. “We recognize the GDPR as an opportunity to level the playing field, empower marketers with better quality data and benefit customers through consent-based digital interactions. Compliance with the GDPR will ultimately enhance organizations’ customer engagements, not impede them, and marketers should be seeking such assurances from their technology providers.” 

Episerver customers, including global workwear brand Kansas, have already demonstrated the benefits of gathering proactive consent for marketing communication before it is required. Kansas leverages double opt-in for email marketing, a practice that involves asking new and existing customers to re-opt-in to email communications. With GDPR, practices like double opt-in will need to become commonplace.

According to internal data gathered in 2017 from 14 billion emails sent through Episerver Campaign™, when compared to average open rates for majority single opt-in approaches, email communications that rely exclusively on double opt-in drive a 153 percent higher open rate. After implementing double opt-in, Kansas saw a 68 percent open rate and refined its data quality through explicit consent from customers.

In addition to emphasizing compliance in its products features, Episerver reinforced its strategic commitment to data protection last August with certification under the U.S. Department of Commerce’s EU-U.S. Privacy Shield Framework and through the appointment of Episerver’s general counsel and vice president Peter Yeung to the newly created role of global data protection officer (DPO). Additionally, the company appointed Microsoft veteran Sue Bergamo as chief information officer (CIO) and chief information security officer (CISO) to lead Episerver’s information security efforts and ensure access to Episerver’s platform in compliance with internal security, governance and privacy requirements. 

“Episerver has made GDPR compliance an everyday priority in both product development and managed services globaly,” said Peter Yeung, vice president, general counsel and global data protection officer at Episerver. “Episerver has a rich history of leading the way in highly regulated industries and countries, resulting in solutions designed with compliance built in from the ground up. We combine years of extensive experience and knowledge with cloud infrastructures with a deep commitment to data protection, security and compliance.”

The Episerver Digital Experience Cloud™ is increasingly seen by organizations as a GDPR safe harbor, designed to ensure enterprise-level security, data protection and privacy requirements, compliance laws and regulations on behalf of Episerver’s global customer base. Episerver monitors and reviews all global data, privacy and protection laws and regulations, and reinforces all foundation technology with additional security and privacy credentials.

Additional benefits and assurances Episerver provides to its partners and customers concerned about meeting GDPR compliance include: 

• Mandating that all applicable vendors sign an agreement to ensures data protection and privacy regulatory compliance, through such mechanisms as a data processing agreement.
• Maintaining an active Certification, Compliance, Security and Data Protection and Privacy Governance Board with executive oversight.
• Maintaining ISO 27001 certification and policies and practices that adhere to NIST standards
• Ongoing training, educational series and discussions around security, data protection, and privacy on an annual cadence.

About Kansas

Kansas is one of the leading workwear brands in Europe and part of Fristads Kansas Group. Fristads Kansas Group operates in workwear and promowear in Europe, active in 24 countries and with offices in 18. Six development centers ensure Fristads Kansas Group is keeping and extending its lead in the market, which includes 1,900 employees that contribute to yearly sales of around 500 million euro.