Since coming into force in May 2018, Bloomreach Engagement has been developing its features with privacy in mind, including compliance to GDPR.

Our Bloomreach Engagement application supports our customers in finding the best ways to be compliant with the GDPR. We have created this section of our Docs to ensure you are informed about our features and how to use them to their best potential.

Our independent Data Protection Officer (DPO) also makes sure that Bloomreach Engagement stays compliant. The DPO is tasked with monitoring compliance with the GDPR and other data protection laws, our data protection policies, GDPR awareness training, and audits.

This series of GDPR guides will explain to you the following:

What is GDPR

GDPR (General Data Protection Regulation) has replaced all existing data protection laws across Europe and now shapes the way in which companies handle, protect, and profit from data.
All businesses and not-for-profit organizations that process personal data concerning employees, customers, or prospects who are in the EU and/or are EU citizens fall within its scope, wherever in the world the company is based and even if the data is processed outside the EU.

Controller vs Processor

In the context of Data Protection laws, you are the controller of your data while Bloomreach Engagement is the Processor. As the Controller, you decide on the purposes and means of all data processing. As the Processor, Bloomreach Engagement acts on the controller’s instruction - you. This distinction is crucial because Controllers and Processors have different responsibilities with regard to compliance.

As a Controller, you bear the responsibility to ensure and demonstrate compliance with GDPR as you are in full control of which data you collect and how you use them. Through the document, there will be multiple references to your particular responsibilities as a controller.