Starting on May 25, 2018, a landmark new privacy law, the General Data Protection Regulation (GDPR), became enforceable in the European Union (EU). At Fuze, we are committed to our customers’ success, including their compliance efforts with respect to the GDPR. We’re here to assist our customers with their efforts to comply with the GDPR, through the comprehensive privacy and security protections that the Fuze offering provides. Please note that the content on this page (including links) is not legal advice and is only provided for informational purposes. For legal advice, you’ll want to consult with your own organization’s legal team. Fuze cannot be held liable in any way with regard to the content of this webpage.

Fuze’s Data Processing Clauses

Fuze has published updated data processing clauses (“DPC”) containing updated and added provisions, in order to help customers with their compliance with the GDPR. The DPC updates our customers’ existing agreements with Fuze and sets forth Fuze’s obligations under the GDPR with regard to our provision of the Fuze service.

What is the GDPR?

The GDPR arose, in large part, as a holistic way to update existing, disparate, and sometimes-conflicting laws and regulations across the EU and to strengthen the protection of individuals’ personal data, in light of the rapidly evolving technological landscape, increased interconnectivity and globalization, and more elaborate international transfers of personal data. The GDPR generally replaces the legacy mix of national data protection laws that are currently in place with a single, comprehensive law, which is directly enforceable in each EU member country.

More specifically, the GDPR regulates the “processing” of personal data about EU individuals, which includes its collection, storage, use, or transfer. Any organization (regardless of whether it is located in the EU, has an office in the EU, or has no office in the EU) that processes the personal data of EU individuals needs to comply with the GDPR. Critically, under the GDPR, the EU defines “personal data” broadly, so that the law generally covers any information relating to an identified or identifiable individual (a “data subject”).

Fuze’s Commitment to GDPR Compliance

Fuze is committed to compliance with the GDPR. We view the GDPR both as an important step forward in streamlining and unifying data protection requirements across the EU, and as an opportunity for Fuze to strengthen our long-standing commitment to data protection principles and practices.

To demonstrate our dedication to security and privacy, Fuze has obtained SOC 2 Type II certification for our platform and received a third-party attestation of compliance with ISO 27001 Annex A. Department of Commerce. More information on our current security practices can be found on our Security page. Our privacy team has analyzed the requirements of the GDPR and has enhanced our policies, procedures, contracts and platform features to ensure we comply with the GDPR and enable compliance for our customers.

What should Fuze customers do to prepare for the GDPR?

If your organization is a controller or processor of EU resident data, it is critical to establish compliant security and privacy practices now that the May 25, 2018 enforcement period has commenced.

The following steps will allow you to achieve compliance:

  • Tone at the top is key. Establish support at top levels for GDPR compliance efforts, and designate a data protection officer (DPO) to oversee the compliance efforts.
  • Review current security and privacy efforts and perform a privacy impact assessment (PIA) over high-risk data processing activities. Results of the PIA should drive the establishment of new control activities to mitigate the identified risks. Fuze is of course able to assist you with a PIA.
  • Ensure transparency with data subjects. In some situations, an organization that collects data from European residents must ask for explicit consent from the data subject in order to do so. Additionally, data should only be used for the purposes specified and should only be transferred to third parties disclosed in agreements.
  • Keep a record of compliance activities. It always helps to have a detailed record of the work your organization has done to comply with the GDPR. Whether it’s a PIA, a policy document, a consent form, or the like, documentation of security and privacy practices will assist your organization in demonstrating its compliance with the GDPR.

If you or anyone in your organization has questions about the GDPR, or any of Fuze’s security and privacy practices, please do not hesitate to contact our legal team at or our security team at

Relevant Policies and Documents

Product Privacy Statement


Fuze Platform Subprocessor List


Fuze Processor Data Protection Terms
