The GDPR countdown continues as we march towards May 25, 2018 when the GDPR becomes effective. At Zendesk we're expecting 2018 to bring a rush of questions and requests from customers as they build out their own privacy and compliance programs. With the enforcement date of the GDPR quickly approaching, we thought it would be a good time to update everyone on what we’ve been doing to prepare.
Over the past nine months, we have been preparing for the GDPR so that we can maximize the support that we can provide our customers in their compliance efforts. For those who are not familiar with the GDPR …. over a year ago, the European Commission approved and adopted the GDPR, (sometimes known by the longer name - the “General Data Protection Regulation”).
The GDPR is the biggest change in data protection laws in Europe since the 1995 introduction of the European Union (EU) Data Protection Directive, also known as Directive 95/46/EC or simply the Directive. The GDPR aims to strengthen the security and protection of personal data in the EU and will replace the Directive and all local laws relating to it.
Zendesk’s GDPR Commitment
We are committed to our customers’ success, including compliance with the GDPR and EU Data Protection laws in general. Similar to existing privacy laws, compliance with the GDPR requires a partnership between Zendesk and our customers in their use of our services. Zendesk affirms its commitment to comply with the provisions of the GDPR in the delivery of our service to our customers when the GDPR comes into effect. We have closely analyzed the requirements of the GDPR, and are working to make enhancements to our products and processes to support compliance with this regulation.
Preparing our Customers for the GDPR
Today we are announcing the launch of our EU Data Protection website to serve as a resource to help our customers prepare for the GDPR and to serve as a centralized information hub where our customers can stay up to date with our product enhancements and EU data protection issues in general. This website includes information about various aspects of EU data protection, our BCRs, what the GDPR is, the changes it brings to organizations operating in the EU, and the product features and services Zendesk offers to support your GDPR compliance efforts. In the coming months, we will continue to update the website and add resources to assist our customers’ GDPR compliance efforts when using our services.
Data Processing Agreement
We updated our Data Processing Agreement (DPA) - which now contains additional provisions to assist our customers with their compliance with the GDPR. You can obtain our DPA be making a request to firstname.lastname@example.org.
What else has Zendesk been doing?
We thought it would be an opportune time to remind you about the resources available in Zendesk’s robust privacy and security program. We have consistently reinforced our commitment to protecting our customers’ data through our actions over the last few years to ensure that we meet the highest standards in the industry:
- Even before the invalidation of the EU-U.S. and Swiss-U.S. Safe Harbor programs, we offered all of our customers a data processing agreement. This permitted customers that entered into such agreements to continue to transfer data to Zendesk without interruption under the European Commission-approved Standard Contractual Clauses (aka, the “Model Clauses”).
- In June 2017, we became only the second company to achieve approval of our binding corporate rules for processors and controllers from the Irish Data Protection Commissioner (peer reviewed by both the UK Information Commissioner’s Office (ICO) and the Dutch Data Protection Authority (DPA)). This significant regulatory approval validated Zendesk’s implementation of the highest possible standards for protecting personal data globally, covering both the personal data of its customers and its employees.
- We have certified compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Our certifications can be viewed on the The International Trade Administration (ITA), U.S. Department of Commerce website found here.
We look forward to working with our customers’ GDPR compliance efforts. For more information, we encourage our customers to visit our EU Data Protection website.