The General Data Protection Regulation (2016/679), (GDPR),is a comprehensive new European data protection regulation that will take effect on May 25, 2018. To support our customers in their journey to compliance with the GDPR, CPA Global is making available an amendment to our data processing terms addressing the specific requirements laid out in Article 28 of the GDPR.
We encourage existing customers that are subject to GDPR to update their existing data processing terms with this amendment to ensure they are prepared for the GDPR ahead of time.
Should you wish to proceed with execution of the amendment, please insert your company name, the CPA Global entity and the relevant agreement and date, execute and return to firstname.lastname@example.org. On receipt CPA Global will countersign and return a scanned PDF copy to you for your records.
The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection regulation that updates existing EU laws to strengthen the protection of personal data (any information relating to an identified or identifiable natural person, so called “data subjects”) in light of rapid technological developments, the increasingly global nature of business and more complex international flows of personal data. It replaces the current patchwork of national data protection laws with a single set of rules, directly enforceable in each EU member state.
The GDPR not only applies to organisations located within the EU, but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing (means any operation performed on personal data, such as collection, storage, transfer, dissemination or erasure) and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
CPA Global welcomes the GDPR as an opportunity to deepen our commitment to data protection.
Compliance with the GDPR requires a partnership between CPA Global and our customers in their use of our software and services. CPA Global will comply with the GDPR in the delivery of our software and services to our customers. We are working to make enhancements to our products, contracts, and documentation to help support CPA Global’s customers’ compliance with the GDPR.
CPA Global will use the principles set out in the GDPR as our global standard for processing personal data, for both our customer and employee data.
We have established data privacy policies and practices to ensure compliance with the GDPR. All new products and services which process personal data are required to undergo a Privacy Impact Assessment, performed by our Chief Data Privacy Officer prior to being launched.
Privacy Impact Assessments are designed in accordance with the GDPR requirements and consider all privacy principles, including fair and lawful processing, accuracy, storage and purpose limitation and others. This effort is driven by the need to ensure that CPA Global are compliant with the GDPR, and to identify how our products can support customers in complying with their GDPR compliance. We are committed to protecting the personal and confidential data of our customers, suppliers and our staff and this is a corporate priority for the organisation.
As the world’s leading Intellectual Property (IP) Management and Technology company, it is of paramount importance for CPA Global to not only meet its own compliance with data security and privacy requirements but also understand how we can support our customers in meeting their regulatory obligations when providing products and services to them. Data is at the very heart of CPA Global, therefore the company recognizes the importance of appropriate data management practices to safeguard our customers’ and our own information assets and protect any confidential data from unauthorised access and disclosure.
CPA Global created the GDPR Amendment to provide our customers with an efficient way to address the specific contract requirements laid out in Article 28. The GDPR Amendment adds newly-required provisions to our customers’ existing data processing terms.
Referenced in the GDPR Amendment, view the sub-processors list here.