As part of our certification, Workday agrees to resolve privacy-related issues in an expedient manner through cooperation with European data protection authorities and binding arbitration. In addition, the Privacy Shield aligns closely to the recently adopted General Data Protection Regulation (GDPR), enabling Workday to begin updating internal policies in advance of the May 2018 GDPR effective date.
With today’s announcement, customers will have a choice of data transfer mechanisms: the Privacy Shield and the European Commission-approved Standard Contractual Clauses. We know that implementing Standard Contractual Clauses can be a time-consuming process, as certain filings and approvals may need to take place prior to data transfers. That’s why we prioritized submitting our Privacy Shield certification on day one, offering customers greater flexibility in data transfer mechanisms.
In addition, Workday is pursuing approval for Binding Corporate Rules (BCR) as a data processor, which will provide our customers with another robust mechanism to facilitate transfers of personal data from the EU to Workday when using the Workday service.
Workday worked with EU and U.S. government policymakers throughout the formation of the Privacy Shield to help ensure a positive result. Global enterprises, including Workday customers, are the beneficiaries of the hard work and ingenuity of representatives of the European Commission, EU member states, and the U.S. government, including the Federal Trade Commission and Department of Commerce. The agreement marks an important step towards re-establishing a close and trusting transatlantic relationship.
Workday looks forward to continuing to work closely with government stakeholders on both sides of the Atlantic, including through the transition to a new U.S. administration, as the Privacy Shield is implemented and refined.
Editor’s note: This post has been updated August 12, 2016 to reflect that Workday is now self-certified to the Privacy Shield.