GDPR Information

Aspect Preparations for the EU’s General Data Protection Regulation

On May 25, 2018, the EU’s General Data Protection Regulation (GDPR) became effective, replacing existing EU data protection laws based on the 1995 EU Data Protection Directive. The GDPR strengthens privacy rights for EU individuals and extends the scope of responsibilities for businesses processing personal data of EU individuals.

Aspect has taken the steps necessary to comply with the legislation and equipped our customers to do the same by the May 25th effective date.

Under the direction of Aspect’s global GDPR project team, Aspect closely analyzed the requirements of the GDPR and is made the necessary modifications to its products and services, contracts, and documentation to support GDPR compliance for our customers.

Aspect conducted a full information audit and data mapping exercise covering all personal information on data subjects processed by Aspect in its role as controller and processor. This effort included all processing activities undertaken by Aspect by itself and on behalf of customers through Aspect’s products and services. The level of detail included, but was not limited to, the purposes of processing, data subjects, categories of personal data, lawful bases for processing, location of data and retention periods.

Product-Specific Guidance

Aspect will provide product-specific guidance during the first half of 2018 (extending through Summer 2018) as our product delivery teams continue their assessments and implementations of GDPR’s data protection principles, program build requirements, and response mechanisms for data subject’s rights under GDPR.

Access to this documentation will be made available within the Aspect Customer Care Community.


Commonly Asked Questions

This FAQ focuses on typical questions asked by Aspect customers when considering the implications of GDPR on their use of Aspect’s products and services that involve processing of personal data.

Will Aspect update current customer contracts to include language outlining its obligation under the GDPR mandate?
Are Aspect customers outside the European Economic Area (EEA – a trade-free zone that is distinct from, and larger than, the EU) affected?
Will Aspect require customers to update or modify their Aspect products in order to remain compliant with GDPR?
Will Aspect provide guidance on a product-specific basis in addition to the general announcement distributed that outlines the steps Aspect is taking to prepare for GDPR?
Will Aspect proactively contact customers to help guide them through new data protection requirements?
Will Aspect charge a fee for any services they provide customers regarding supporting GDPR compliance?
What should customers do right now?
Does Aspect provide “technical and organizational security measures”?
Are channel partners subject to changes in their agreements with Aspect?
Where does Aspect process EU personal data?
What kind of sub-processors does Aspect engage and how will Aspect notify customers of any change?
Whom at Aspect should customers contact with particular questions about GDPR compliance at their organizations?

These FAQ’s are provided for the purposes of information only and do not provide legal advice. Aspect therefore encourages customers to seek legal advice about the legal permissibility of the processing of personal data by customer by way of using Aspect’s products and services.

Click here for a downloadable version of the above FAQs.


Aspect also issued an initial customer advisory on GDPR in July 2017 which is provided here for reference.
In addition, we also have details on the UK data protection authority's (ICO) guide for companies here.


What is the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation covers all companies that deal with data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies. GDPR will come into effect across the EU on May 25, 2018.

Read more: General Data Protection Regulation (GDPR) Definition | Investopedia