What Workday Is Doing to Move Global Privacy Forward

Workday is committed to safeguarding global privacy by anticipating regulatory changes and supporting customers with compliance across diverse privacy laws worldwide. Workday Chief Privacy Officer Barbara Cosgrove shares more about our proactive approach, including our dedicated privacy team, ongoing employee education, and the integration of privacy and AI principles into our products and practices.

Person holding a phone while working on a laptop

Safeguarding privacy is truly a global priority. Privacy laws have been implemented in 70% of the world’s countries, with varying approaches to addressing privacy concerns. Regulatory bodies have strengthened their capabilities in many ways, such as adding cross-functional expertise and increasing staff. New technologies and AI are motivating governments and regulators to evolve their approaches to protecting privacy and, in some cases, to propose new privacy laws.

At Workday, we’re always looking ahead to anticipate what matters most to our customers. Because our customers operate in a global economy, their privacy priorities reflect diverse worldwide regulations and standards. We know we must take a global approach to managing our privacy program and developing products that help solve our customers’ most pressing problems.

The Workday Global Approach to Privacy

We continue to monitor the global regulatory needs of our customers to help them meet their obligations wherever they use Workday. For example, we help our customers comply with General Data Protection Regulation (GDPR) obligations related to their European workforces. We also invest in meeting our compliance obligations as our customers’ data processor under GDPR, and work with our customers to help them adhere to an ever-growing number of state and sectoral privacy laws in the U.S.

Over the past few years, new data privacy and security regulations have continued to emerge across Asia Pacific and Japan (APJ). To help support our customers in this region, we developed a cross-functional task force of subject-matter experts and leaders to better understand customer requirements and work on solutions to help them along their compliance journey.

While there is not a one-size-fits-all approach to privacy, it is essential to have a forward-thinking one that spans each region and remains committed to our privacy principles.

Putting Our Privacy Principles Into Action

Let’s take a deeper look at how we put our privacy principles into action.

We prioritize privacy, which means:

  • We have a dedicated team of privacy experts, including attorneys, privacy operations and compliance professionals, and privacy and data engineers, who work to understand our customers’ privacy needs and help them implement best practices.
  • We continually educate our employees with up-to-date privacy awareness training and engagement tailored to varied audiences. For example, we have special training for new hires and roles with access to customer data and host in-person engagements at global office locations, including APJ and Europe, Middle East, and Africa (EMEA).
  • We prioritize employee development and support employees in acquiring new skills and certifications such as the IAPP CIPP/E and IAPP AI Governance certifications.
  • We maintain a network of privacy champions in every region who are empowered to help their organization make privacy-conscious decisions and reinforce privacy messages.

We innovate responsibly, which means:

  • We employ internal tools to help oversee and administer our privacy programs efficiently.
  • We build and deploy AI responsibly, with privacy and security standards woven into our products and processes.
  • We embed our privacy principles and responsible AI principles in our day-to-day work. This includes creating configurable technology to provide customers with the tools they need to meet the changing regulatory landscape.
  • We are constantly monitoring and evaluating our privacy practices to help meet the evolving needs of our customers and the regulatory landscape.

We safeguard trust, which means:

  • We proactively create comprehensive privacy-related materials to help enable compliance, including sample Transfer Impact Assessments to address transfers of European and UK personal data and FAQs on our Workday Community customer site to help APJ customers understand the potential impact of changes in newly emerging laws.
  • We engage with global regulators and customers to understand their perspectives, share our objectives, and reinforce our commitment to building technology they can trust.
  • We have an established global data protection officer (DPO) and deputy DPO. And, we remain vigilant about monitoring any developments regarding DPO requirements across regions.

It’s clear that the Workday approach to safeguarding global privacy guides our every action. By understanding the complexities of global privacy regulations and predicting where they will change, continuously refining our approach, and providing unwavering support to our customers, we aim to meet our customers’ future needs and exceed their expectations.

Join us in-person or digitally at Workday Rising, September 16-19, 2024. Connect with industry peers and thought leaders, and learn how we’re taking work forever forward with a single, unified platform. Register Now.

More Reading