General Data Protection Regulation (GDPR) Compliance

What is GDPR?

General Data Protection Regulation is a new framework put in place by the European Union protecting EU residents’ data rights. The ruling works in favor of data privacy, so that when an EU user accesses external-facing websites or web applications, they are more aware of the data being collected and how the data is being used. Simply put, GDPR gives users “the right to be forgotten” and become anonymous online. Users must elect to opt-in to sharing their personal user data and can always opt-out to have their data be forgotten at any time.

GDPR applies to companies worldwide that provide product or services that collect and store personal data about an EU citizen, and is going into effect starting May 25, 2018.

The constraint of the ruling is driven in part based on the type of user data collected. INXPO collects non-confidential PII (Personally Identifiable Information) data, such as name, email and engagement metrics. This type of information has INXPO data falling within less constraining requirements. However, INXPO customers who merge INXPO data with other data they have collected (e.g. Marketing Automation) on a user place themselves into the higher constraint category.

Why is this important?

INXPO values the trusting relationship built between our customers and end users, and therefore has prioritized updating our data processes to being completely compliant with the new GDPR regulation. INXPO’s enterprise video platform is fully compliant today, and by May 2018 all companies that serve EU citizens will have to be complaint or are at risk to be fined by the government.

How is INXPO fully GDPR compliant?

With GDPR there is a data controller (the client) and the data processor (INXPO). As data processors, INXPO has enabled the following features to ensure all clients serving an EU audience are 100% GDPR compliant.

-INXPO by default will enforce GDPR on all standard registration pages.
– GDPR is enforced based on the country the user selects on the registration page.
– If a user does not agree to the terms they will not be registered.

– Clients will have the ability to customize their own country list as well as the GDPR message that appears on the registration page.

– A report will be made available to display all registered GDPR users from a given show.

– Users have the right to be forgotten. When this is requested, a user’s profile information will be anonymized within the specified webcast or event tenant.

– When utilizing a third party (i.e. Marketo) for registration, it is the responsibility of the third party to ensure they are only passing users who have accepted the GDPR policy.

– If a user requests to be forgotten, it is the responsibility of the event owner to notify the third party contact of the user’s request.  This is currently a manual process, as third parties don’t want someone making an automated call to “forget” a user.

– When using the mass upload tool, it is the responsibility of the client to provide a list of users who have opted into the GDPR policy.

– We are working with our integration partners to ensure our GDPR process is aligned to regulation throughout the data transfer.

For more information on our GDPR compliance, or the specific conversations we had with different Marketing Automation providers, please do not hesitate to talk to us directly by emailing