It’s here. The much anticipated, oft-discussed, enforcement date of May 25 for the EU General Data Protection Regulation (GDPR) has arrived. GDPR is the most comprehensive regulatory reform in a generation, and its geographic scope extends far beyond European borders and affects all industries.
This month marks the beginning of a new era in which data is looked at with the same level of scrutiny, care, and risk as anti-trust violations and food safety.
If you do business with or in Europe, GDPR applies to you and your organization should be well on the way with these things:
- Start a data governance program
- Appoint a Data Privacy Officer
- Perform data inventory and mapping
- Ensure legitimate bases for processing data
- Understand consent
- Conduct risk analysis and Data Privacy Impact Assessments (DPIA)
- Enable data subject rights
- Manage vendor relations
At Cisco this year, we also stepped up our privacy-focused efforts with the following milestones.
Binding Corporate Rules Approval
European privacy regulators approved our global privacy program and policies that safeguard the privacy, fundamental rights, and freedoms of individuals for transfers of personal information protected under European law.
This is significant because approval of our policies by the Dutch, Polish, Spanish, and other relevant European privacy regulators signals that we are providing adequate safeguards to protect privacy, fundamental rights, and freedoms of individuals for transfers of personal information protected under European law. Cisco’s Binding Corporate Rules – Controller (BCR-C) provide that any European personal information data that Cisco transfers worldwide benefits from an adequate level of protection.
Engineering Privacy into Our Solutions
One of our major areas of focus is investment in Privacy Engineering, which enables us to design, build and govern our solutions with privacy in mind. As a first step, we are addressing our cloud-based offerings, such as our collaboration solutions and security products.
We always strive to be transparent, fair, and accountable in how we use the personal data of our customers, and now new privacy data sheets are available on the Cisco Trust Center. These describe how we work with data with our cloud-based solutions. This is just the beginning of our efforts to strengthen our trusted relationship with our customers through transparency.
At Cisco, we remain focused on the security, trust, privacy, and resilience of our customers, and that surely means securing their data and that of our employees. If you need help building a privacy program to meet your unique requirements, consider Cisco Privacy and Data Protection Services. We can help you build a privacy framework and program to support your digitization and technology.
We’re here to help with the resources you need to be successful!
Cisco View on GDPR (video)