- Twilio is committed to being GDPR compliant by May 25, 2018.
- New data processing addendum for customers.
- Additional GDPR guidance materials coming soon.
At Twilio, we’re keenly aware that organizations who process personal data of people in the EU need to be sure their service providers support compliance with the General Data Protection Regulation (GDPR). That’s why we are committed to ensuring our platform is GDPR-compliant by May 25, 2018, when GDPR becomes enforceable.
Our first leadership principle is to “wear the customer’s shoes.” This leadership principle is so fundamental to who we are that we actually have customers’ shoes hanging on the walls at our headquarters. No joke. So, while we love developing new features and products to help unlock your communications innovations, we understand that if our platform doesn’t support your compliance needs, those new features and products don’t mean much.
Furthermore, Twilio welcomes GDPR as an opportunity to build a stronger data protection foundation which will benefit all. Data privacy is an important human right, and in this data-driven world, more than ever, data protection is something that all companies should be paying close attention to.
If that doesn’t get your attention, let’s talk penalties for non-compliance: organizations that fail to comply with GDPR will be facing severe fines, to the tune of € 20 million or 4% of worldwide revenue.
Preparing for GDPR
Twilio is committed to supporting you in your journey to becoming GDPR-compliant. In the next six weeks, we’ll be publishing additional blog posts as well as a white paper to help you prepare for using Twilio’s products in a GDPR-compliant way.
In the meantime, if you haven’t done so already, now is a great time to start familiarizing yourself with the law.
Scoping a task like GDPR compliance is the first step in tackling it. We recommend that you start mapping the categories of personal data you process (e.g. names, email addresses, IP addresses, device identifiers, etc.), systems and service providers you use to process personal data, as well as business reasons for your personal data processing activities.
For a glimpse into how Twilio has tackled data mapping, check out The Trust Imperative video of my SIGNAL 2017 session:
If you’re already on top of your GDPR game, you probably know that you need to have appropriate data protection terms in your contracts with service providers that process EU personal data on your behalf. To that end, Twilio has updated its data processing addendum. Fill in the data processing addendum request form to receive the addendum.
The countdown has begun – so let’s get it done! Onward!