<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=598161&amp;fmt=gif">

GDPR compliance

The General Data Protection Regulation (2016/679), (GDPR), is a comprehensive European data protection regulation that came into effect on May 25, 2018. To support our customers compliance with the GDPR, CPA Global has made available data processing terms addressing the specific requirements laid out in Article 28 of the GDPR.

We encourage existing customers that are subject to GDPR to update their existing data processing terms with the amendment given below to ensure they are compliant with the GDPR.

Should you wish to proceed with execution of the amendment, please insert your company name, the CPA Global entity and the relevant agreement and date, execute and return to gdpr@cpaglobal.com. On receipt CPA Global will countersign and return a scanned PDF copy to you for your records.



Download Word document (104 KB)
Download PDF (42 KB)



What is the General Data Protection Regulation (“GDPR”)?

The EU General Data Protection Regulation ("GDPR") is a comprehensive data protection regulation that updated EU laws to strengthen the protection of personal data (any information relating to an identified or identifiable natural person, so called "data subjects") in light of rapid technological developments, the increasingly global nature of business and more complex intentional flows of personal data.

Does GDPR apply to my company?

The GDPR not only applies to organisations located within the EU, but it also applies to organisations located outside of the EU in they offer goods or services to, or monitor the behaviour of EU data subjects. It applies to all companies processing (means any operation performed on personal data, such as collection, storage, transfer, dissemination or erasure) and holding the personal data of data subjects residing in the European Union, regardless of the company's location.

How did CPA Global prepare for the GDPR?

CPA Global welcomed the GDPR as an opportunity to deepen our commitment to data protection and completed a comprehensive GDPR programme to ensure good practice was embedded within our business.

CPA Global use the principles set out in the GDPR as our global standard for processing personal data, for both our customer and employee data.

Compliance with the GDPR requires a partnership between CPA Global and our customers in their use of our software and services. CPA Global complies with the GDPR in the delivery of our software and services to our customers. We continuely look to make enhancements to our products, contracts, and documentation to help support CPA Global’s customers’ compliance with the GDPR.

Is CPA Global compliant with the California Consumer Privacy Act?

The California Consumer Privacy Act (CCPA), grants, a consumer rights regarding their personal information that is held by a business.

The requirements of the CCPA are compatible and do not supersede those of the EU GDPR.  

CPA Global will continue to use the principles set out in the GDPR as our global standard for processing personal data, for both our customer and employee data. Thereby meeting the requirements set out in the CCPA.

How does CPA Global implement Privacy by Design?

We have established data privacy policies and practices to ensure compliance with the GDPR. All new products and services which process personal data are required to undergo a Privacy Impact Assessment, performed by our Data Privacy team prior to being launched. 

Privacy Impact Assessments are designed in accordance with the GDPR requirements and consider all privacy principles, including fair and lawful processing, accuracy, storage and purpose limitation and others. This effort is driven by the need to ensure that CPA Global are compliant with the GDPR, and to identify how our products can support customers in complying with their GDPR compliance.  We are committed to protecting the personal and confidential data of our customers, suppliers and our staff and this is a corporate priority for the organisation.

As the world’s leading Intellectual Property (IP) Management and Technology company, it is of paramount importance for CPA Global to not only meet its own compliance with data security and privacy requirements but also understand how we can support our customers in meeting their regulatory obligations when providing products and services to them. Data is at the very heart of CPA Global, therefore the company recognizes the importance of appropriate data management practices to safeguard our customers’ and our own information assets and protect any confidential data from unauthorised access and disclosure.

Why is CPA Global offering this GDPR Amendment?

CPA Global created the GDPR Amendment to provide our customers with an efficient way to address the specific contract requirements laid out in Article 28.

Where can I find CPA Global Supplier List?

Referenced in the GDPR Amendment, view the sub-processors list here.

Has CPA Global considered the impact of the Schrems II decision on international data transfers?

We are aware that on 16 July 2020, the European Court of Justice invalidated the EU-US international data transfer mechanism known as Privacy Shield in Case C-311/18, known as “Schrems II”.  CPA Global immediately reviewed its dependencies on the mechanism and where necessary we are in discussion with sub-processors to understand how they are responding to the Schrems II decision.  Please be assured that CPA Global have in place an intra-group agreement which are based upon Standard Contractual Clauses.

As this is a particularly volatile area at the moment, CPA Global is keeping abreast of developing legal advice, so as to ensure we are adopting the best possible solution.  For all your questions on the matter, please contact our privacy team on gdpr@cpaglobal.com