Safeguarding the privacy of our customers’ most sensitive data will always be top-of-mind here at Workday. While it is important to constantly reevaluate our internal data protection practices, it’s also important to engage with the policymakers and companies who are trying to create a better, more trusted future for all cloud customers.
This is why Workday is excited to announce we have joined the General Assembly of the EU Cloud Code of Conduct (EU Cloud CoC), a group of cloud service providers working to demonstrate and assure companies and regulators of their compliance with privacy laws in advance of the General Data Protection Regulation (GDPR).
The EU Cloud CoC, an outgrowth of the European Commission-sponsored Cloud Select Industry Group, will make it easier and more transparent for customers to analyze whether cloud services are appropriate for their particular scenarios. The finalization of the CoC and its clarity about cloud service providers’ obligations will contribute to an environment of trust and drive strong privacy practices in the European cloud computing market.
Workday’s commitment to the standards of the EU Cloud CoC will give our customers additional assurances, on top of our established privacy compliance program, that Workday is taking appropriate steps to safeguard their personal information and comply with GDPR.
Once the EU Cloud CoC is finalized, Workday plans to demonstrate our adherence to its requirements through a system of self-evaluation and self-declaration of compliance.
In addition to participating in the EU Cloud CoC, Workday recently enhanced existing audit and certification mechanisms to provide our customers with greater transparency on how our control framework aligns to the GDPR. As an example, our upcoming SOC 2 audit report includes a matrix mapping security and privacy controls to GDPR requirements, illustrating how our processing activities support our customers own GDPR compliance obligations.
With the deadline for GDPR quickly approaching, Workday’s participation in the EU Cloud CoC further demonstrates our commitment to the new regulation. We look forward to contributing to the development of the code of conduct, and remain committed to European data protection requirements.