On May 25, 2018, the EU General Data Protection Regulation (GDPR) became effective, bringing new global data protection rights for individuals in the European Union. LogRocket fully supports the privacy rights of our customers and their users and has achieved GDPR compliance.
LogRocket offers a data processing agreement (DPA) for customers processing information on behalf of EU and Swiss citizens. Please contact [email protected] for more information.
As we all work to understand and apply GDPR concepts to our own businesses, we’ve created the outline below to keep you informed of our efforts. We’ll be proactively reaching out to our entire customer base once we have best practices to share.
Our DPA has been revised to reflect both regulatory and operational changes related to GDPR. You can view and sign a copy here.
Privacy Shield Update (August 2020)
If you signed our DPA prior to August 2020, it is no longer valid due to Privacy Shield being struck down by the EU courts. Please re-sign our updated DPA above, which leverages the Standard Contractual Clauses.
Initial Product strategy
Using our research and model, we’ve defined the product roadmap necessary to allow LogRocket as Controller and LogRocket as Processor to become compliant with GDPR.
We are reviewing all vendors who act as sub-processors for LogRocket data, auditing their approach to GDPR, and entering into DPAs where necessary.
- Consult with internal and external counsel to understand legal interpretations of the GDPR requirements
- Work with other leading technology firms to understand the market’s general interpretation and best practices
- Perform a Data Protection Impact Assessment as a security review to determine compliance with GDPR security requirements and industry best standards
Based on our research, we’re developing our working interpretative model as a reference and guide for internal processes.
We are actively implementing pieces of the compliance roadmap within our product offering.
Finalize and communicate GDPR specifics to customers
While we have an initial set of product changes related to GDPR, we will continually be evaluating and adding new security and privacy functionality in LogRocket.
- Ability to delete an individual within the UI and receive an audit log (currently, you can contact us to delete specific users)
- Ability to discard IP addresses and exclude them from the UI
- More fine-grained exclusion / recording mechanisms tied to consent
Product strategy will continue to evolve around GDPR. Future product changes that you may see include:
- User identification processes and mechanisms
- Retroactive deletion of specific field captures
- Active monitoring & alerting around recorded data that appears sensitive
How are we thinking about compliance for our customers and what do you need to do?
It is important to note that LogRocket is acting both as a Data Controller and as a Data Processor within the realm of GDPR compliance.
We are a controller with respect to our visitors and customers interacting with any domain within our control (e.g. www.logrocket.com, app.logrocket.com, docs.logrocket.com, blog.logrocket.com, etc.).
We are a processor (and occasionally a subprocessor) with respect to the end users whose data LogRocket receives: our customers’ users.
As a customer of LogRocket, you are a data controller and LogRocket is acting as your data processor for your users. In this respect, you’ll want to take the following steps as we approach May 25th:
- If you have customers in the EU, please sign our updated DPA here.
- Perform your own research, modeling, vendor audit, and strategy steps at your company to ensure you understand GDPR as it applies to your business.
- Watch for updates from LogRocket related to product functionality or T&C changes.