Workday is proud to announce that it has been added to the Department of Commerce list of self-certified Privacy Shield participants, confirming that it complies with the Privacy Shield principles for the transfer of European personal data to the United States. This is great news for our customers, providing them with an even better data transfer mechanism than the Safe Harbor privacy framework overturned in 2015. Workday moved quickly to sign up on the first day the U.S. Department of Commerce launched the Privacy Shield certification process as part of our strong, ongoing commitment to privacy and protecting our customers’ data.
The Privacy Shield is the new European Commission-approved mechanism that enables the transfer of personal data from Europe to the U.S. in compliance with European data protection law. As the successor to Safe Harbor, the Privacy Shield introduces stronger obligations on the handling of data and provides greater protections for individuals.
This is great news for our customers, providing them with an even better data transfer mechanism than the Safe Harbor privacy framework overturned in 2015.
As part of our certification, Workday agrees to resolve privacy-related issues in an expedient manner through cooperation with European data protection authorities and binding arbitration. In addition, the Privacy Shield aligns closely to the recently adopted General Data Protection Regulation (GDPR), enabling Workday to begin updating internal policies in advance of the May 2018 GDPR effective date.
With today’s announcement, customers will have a choice of data transfer mechanisms: the Privacy Shield and the European Commission-approved Standard Contractual Clauses. We know that implementing Standard Contractual Clauses can be a time-consuming process, as certain filings and approvals may need to take place prior to data transfers. That’s why we prioritized submitting our Privacy Shield certification on day one, offering customers greater flexibility in data transfer mechanisms.
In addition, Workday is pursuing approval for Binding Corporate Rules (BCR) as a data processor, which will provide our customers with another robust mechanism to facilitate transfers of personal data from the EU to Workday when using the Workday service.
Workday worked with EU and U.S. government policymakers throughout the formation of the Privacy Shield to help ensure a positive result. Global enterprises, including Workday customers, are the beneficiaries of the hard work and ingenuity of representatives of the European Commission, EU member states, and the U.S. government, including the Federal Trade Commission and Department of Commerce. The agreement marks an important step towards re-establishing a close and trusting transatlantic relationship.
Workday looks forward to continuing to work closely with government stakeholders on both sides of the Atlantic, including through the transition to a new U.S. administration, as the Privacy Shield is implemented and refined.
Editor’s note: This post has been updated August 12, 2016 to reflect that Workday is now self-certified to the Privacy Shield.