It’s here. The much anticipated, oft-discussed, enforcement date of May 25 for the EU General Data Protection Regulation (GDPR) has arrived. GDPR is the most comprehensive regulatory reform in a generation, and its geographic scope extends far beyond European borders and affects all industries.

This month marks the beginning of a new era in which data is looked at with the same level of scrutiny, care, and risk as anti-trust violations and food safety.

GDPR Readiness

If you do business with or in Europe, GDPR applies to you and your organization should be well on the way with these things:

  • Start a data governance program
  • Appoint a Data Privacy Officer
  • Perform data inventory and mapping
  • Ensure legitimate bases for processing data
  • Understand consent
  • Conduct risk analysis and Data Privacy Impact Assessments (DPIA)
  • Enable data subject rights
  • Manage vendor relations

At Cisco this year, we also stepped up our privacy-focused efforts with the following milestones.

Binding Corporate Rules Approval

European privacy regulators approved our global privacy program and policies that safeguard the privacy, fundamental rights, and freedoms of individuals for transfers of personal information protected under European law.

This is significant because approval of our policies by the Dutch, Polish, Spanish, and other relevant European privacy regulators signals that we are providing adequate safeguards to protect privacy, fundamental rights, and freedoms of individuals for transfers of personal information protected under European law.  Cisco’s Binding Corporate Rules – Controller (BCR-C) provide that any European personal information data that Cisco transfers worldwide benefits from an adequate level of protection.

Supporting the BCRs, our new Global Personal Data Protection and Privacy Policy outlines Cisco’s commitment to personal data and privacy, and the principles that govern this commitment.

Engineering Privacy into Our Solutions

One of our major areas of focus is investment in Privacy Engineering, which enables us to design, build and govern our solutions with privacy in mind. As a first step, we are addressing our cloud-based offerings, such as our collaboration solutions and security products.

We always strive to be transparent, fair, and accountable in how we use the personal data of our customers, and now new privacy data sheets are available on the Cisco Trust Center. These describe how we work with data with our cloud-based solutions. This is just the beginning of our efforts to strengthen our trusted relationship with our customers through transparency.

At Cisco, we remain focused on the security, trust, privacy, and resilience of our customers, and that surely means securing their data and that of our employees. If you need help building a privacy program to meet your unique requirements, consider Cisco Privacy and Data Protection Services. We can help you build a privacy framework and program to support your digitization and technology.

We’re here to help with the resources you need to be successful!

More Information


Cisco View on GDPR (video)

GDPR Readiness Infographic

Privacy Sigma Riders Podcast

GDPR: It’s Getting Personal Blog

GDPR, Cisco and You Blog

Cisco Policy and Process Central

Privacy Data Sheets

Cisco 2018 Privacy Maturity Benchmark Study

European Commission on BCR-C




Michelle Dennedy

No Longer with Cisco