I know you are working to make Infusionsoft GDPR compliant; however, the most important issue is for Infusionsoft to be part of the Privacy Shield, as this replaced the Safe Harbour agreement. Is this part of the plan? If it is not, then it matters not what you do to make Infusionsoft GDPR compliant; we are breaking the law in allowing unprotected data to leave the EU.
Infusionsoft has this statement available:
They are working to ensure compliance.
We will continue using model contracts for the time being. Privacy Shield will likely be revisited later this year.
Hey Martin, have there been any developments in the Privacy Shield area?
Hi, @Insa_Winkelbrandt. Privacy Shield was revisited, but there are no immediate plans to adhere to Privacy Shield. Keap will continue being compliant by EU Model Contract for the foreseeable future.
Thanks Martin. That’s a shame, as I have a prospect who needs Privacy Shield. I don’t know how PS differs from EU Model Contract.
I totally understand, @Insa_Winkelbrandt. Privacy is a complex topic and I would recommend contacting an attorney that understands and can translate EC rulings on data transfer. Unfortunately, due to the legal climate of GDPR/Privacy, I can’t really give advice on how you should proceed or discuss how certain legal components may differ from one to the other. I can give you a link to our Data Privacy FAQ which states,
“Keap currently offers customers the EU Model Contract to enable the lawful flow of personal data from the EEA to Keap in the United States. The EU Model Contract contains standard contractual clauses which are approved by the European Commission, and which govern the lawful transfer of data from the EEA to countries outside of the EEA. Under the GDPR, additional legitimate methods of exporting personal data outside the EEA may be introduced. In the event of any changes to or new rules associated with the GDPR, Keap will review and respond appropriately.”
Technically, no one actually needs PS. PS is an agreement for Americans to be held to EU laws here in America and that isn’t something Americans really care for (just being honest). What DOES matter is that the protocols are followed to satisfy GDPR. No one actually needs PS for that to happen. They just follow the rules detailed in GDPR and they are then compliant.
Thanks for that input