Fuze’s Data Processing Clauses
Fuze has published updated data processing clauses (“DPC”) containing updated and added provisions, in order to help customers with their compliance with the GDPR. The DPC updates our customers’ existing agreements with Fuze, and sets forth Fuze’s obligations under the GDPR with regard to our provision of the Fuze service.
What is the GDPR?
The GDPR arose, in large part, as a holistic way to update existing, disparate, and sometimes-conflicting laws and regulations across the EU and to strengthen the protection of individuals’ personal data, in light of the rapidly-evolving technological landscape, increased interconnectivity and globalization, and more elaborate international transfers of personal data. The GDPR generally replaces the legacy mix of national data protection laws that are currently in place with a single, comprehensive law, which is directly enforceable in each EU member country.
More specifically, the GDPR regulates the “processing” of personal data about EU individuals, which includes the collection, storage, use, or transfer of that data. Any organization (regardless of whether it is located in the EU, has an office in the EU, or has no office in the EU) that processes the personal data of EU individuals needs to comply with the GDPR. Critically, under the GDPR, the EU defines “personal data” broadly, so that the law generally covers any information relating to an identified or identifiable individual (a “data subject”).
Fuze’s Commitment to GDPR Compliance
Fuze is committed to compliance with the GDPR. We view the GDPR both as an important step forward in streamlining and unifying data protection requirements across the EU, and as an opportunity for Fuze to strengthen our long-standing commitment to data protection principles and practices.
What should Fuze customers do to prepare for the GDPR?
If your organization is a controller or processor of EU resident data, it will be critical to establish compliant security and privacy practices prior to the May 25, 2018 deadline.
The following steps will allow you to achieve compliance:
- Tone at the top is key. Establish support at top levels for GDPR compliance efforts, and designate a data protection officer (DPO) to oversee the compliance efforts.
- Review current security and privacy efforts and perform a privacy impact assessment (PIA) over high-risk data processing activities. Results of the PIA should drive the establishment of new control activities to mitigate the identified risks. Fuze is of course able to assist you with a PIA.
- Ensure transparency with data subjects. In some situations, an organization that collects data from European residents must ask for explicit consent from the data subject in order to do so. Additionally, data should only be used for the purposes specified and should only be transferred to third parties disclosed in agreements.
- Keep a record of compliance activities. It always helps to have a detailed record of the work your organization has done to comply with the GDPR. Whether it’s a PIA, a policy document, a consent form, etc., documentation of security and privacy practices will assist your organization in demonstrating its compliance with the GDPR.
If you or anyone in your organization has questions about the GDPR, or any of Fuze’s security and privacy practices, please do not hesitate to contact our legal team at email@example.com or our security team at firstname.lastname@example.org.