As demonstrated by our BCRs certification, Workday remains committed to continually enhancing the scope of our compliance programs, including expanding the scope of our audit reports and the breadth of our obtained certifications to demonstrate alignment with industry standards. Workday’s independent third-party audit reports and certifications provide a deep level of transparency and assure our customers, and our customers’ auditors, that our privacy practices are industry-leading.
Customers will be able to rely on our BCRs for the processing of their European personal data by Workday in the delivery of our software-as-a-service. Among other things, BCRs enable the lawful transfer of personal data from the European Economic Area (EEA) to other countries, and under GDPR, they are recognized as a data transfer mechanism for transfers of personal data outside the EEA. Workday will also continue to offer our customers Standard Contractual Clauses and maintain our Privacy Shield and APEC Cross-Border Privacy Rules certifications to enable global data transfers.
In addition to acting as a data transfer mechanism, BCRs support Workday’s broader compliance with the GDPR, including the principles of accountability, lawfulness of processing, general processing requirements, and security of processing.
BCRs are one example of Workday’s commitment to maintaining compliance with comprehensive privacy and security certifications. Highlights of some of our other recent compliance enhancements include:
- Expanding the SOC 2 report to include compliance with the NIST Cybersecurity Framework.
- Obtaining a third-party independent auditor’s opinion confirming Workday’s conformity to the applicable requirements of the HIPAA Security, Breach Notification, and Privacy Rules.
- Achieving certification against ISO 27017, which supplements ISO 27002 with additional security guidelines for cloud services.
- Achieving authorization as a service provider for the UK public sector under G-Cloud 9.
At Workday, we understand our customers take a trust-but-verify approach regarding Workday’s processes and controls to protect their data. Workday’s BCRs, along with our new and existing certifications, provide further proof of the strong privacy and security protections we provide for customer data, giving companies the confidence to rely on Workday to help them achieve GDPR compliance.