Mixpanel – GDPR Readiness
After years of comments and drafts, the European Union’s General Data Protection Regulation (“GDPR”), the most comprehensive privacy regulation of the last twenty years, will take effect on May 25, 2018. Helpful information about the GDPR can be found in our GDPR FAQ. At Mixpanel, we welcome the transparency and will continue to ensure our customers’ data is secure, including compliance with the GDPR. We know the requirements of the GDPR are complex, and that our customers need to know if we will be ready; the answer is yes. We have already made significant progress and are committed to being fully ready by May 25th.
Leading in Privacy and Security
As the first product analytics company to certify under the Privacy Shield Principles in 2016, we have demonstrated our firm commitment to complying with privacy regulations. As we prepare for the GDPR, we are confident we will continue to be a market leader in privacy compliance for product analytics platforms. Over the last year, our team of privacy and security experts has been busy evaluating our product, reviewing our vendors, and auditing our privacy and security programs to see what changes needed to be made.
On the security front, before even setting out on an audit of our systems, we knew customer data would be encrypted both in transit and at rest using AES 128 or 256. Our systems were designed to automate scans that regularly check for security vulnerabilities and make us aware of issues that would require additional review by a member of our security team. As a result, Mixpanel has a firm security foundation to continue to improve upon, which you can learn more about in our Security White Paper.
In addition to augmenting our security program, here’s what we’ll be doing to support all of our customers in their GDPR compliance efforts ahead of the May 25, 2018 deadline.
Enhanced data deletion and export features
The GDPR empowers “data subjects,” the individuals from whom the data has been collected, to control who has their data. Today, we already provide rich data export functionality and the ability to delete customer data. However, to further build on these features for GDPR, we will be automating our data deletion and export capabilities, which will better allow us to support any requests our customers may receive from data subjects. These forthcoming product releases to automate the deletion and export process will help keep our customers GDPR compliant by ensuring we are only processing data for identified, appropriate data subjects.
Comprehensive review of vendors
We know we have an important responsibility when it comes to scrutinizing the vendors we use to help us provide our services to our customers. Part of our readiness plan is making sure our contracts adequately address the security, privacy, and confidentiality of our customers’ data under GDPR; you can be confident that our vendors have undergone a thorough privacy and security review by Mixpanel’s legal and security teams. We’ve also ensured your data is stored with an industry leader with a robust security program and appropriate security certifications.
Updated Data Protection Terms
In addition, we have identified the following areas where we’ll also make improvements:
- Enhanced privacy and security awareness program: We’re launching a new comprehensive, company-wide privacy and security training portal to augment our current training program. Every Mixpanel employee, regardless of whether they access customer data, will receive important and up-to-date training on data privacy and security.
- Data Protection Officer (DPO): We will be appointing a DPO to keep us on track with the latest privacy changes to maintain best practices and protect customer data.
- New subscribe features: To ensure that our marketing practices follow the GDPR rules, we’re enhancing our subscribe/control feature in our newsletters, blogs, and emails. We want our customers to receive the information they want, when they want. Now you can make sure you’re getting the latest product and company updates from us, and not getting information you don’t want.
The privacy landscape is changing fast and we take very seriously the immense responsibility of caring for our customers’ data. Mixpanel has a team of privacy and security professionals dedicated to our compliance and to helping you maintain your compliance when using Mixpanel.
If you would like more information or have follow-up questions, please reach out to us at firstname.lastname@example.org.