GDPR and Avaya
“Avaya has worked on a number of different areas to enable its customers and channel partners to meet their legal obligations with regards to GDPR when relying on Avaya solutions.”
Senior Vice President, Chief Administrative Officer and General Counsel
GDPR and Avaya
What is GDPR?
The European General Data Protection Regulation (“GDPR”) is a new European Union (“EU”) law, which provides a robust and coherent statutory framework for the protection of “Personal Data” (i.e., data that identifies or may be used to identify an individual). It applies as from May 25, 2018. GDPR marks a paradigm shift in how companies handle and protect Personal Data by giving EU data subjects control and very strong rights over their Personal Data.
Does GDPR Apply to Avaya?
GDPR applies to all companies operating in the EU, selling products and / or services into the EU, or monitoring the behaviour of EU data subjects. It applies not only to the Avaya legal entities established in the EU, but also to the Avaya worldwide affiliates / subsidiaries when they process Personal Data of data subjects residing in the EU or monitoring their behaviour, irrespective of where such Avaya affiliates are located.
Avaya’s Stance Regarding GDPR
Security, privacy and integrity are critical to Avaya and our relationships with our customers and channel partners. Avaya has extensive knowledge in protecting Personal Data and helping its customers and channel partners to meet their legal obligations with regards to Personal Data. We are committed to building on our experience to help our customers and channel partners to comply with GDPR through leading edge technology solutions that enhance privacy, as well as cloud solutions that aim to deliver both security and privacy. Avaya has a long history of providing robust and secure products and services to its customers all over the world. This includes governments, other public authorities and organizations, such as financial institutions, that must meet the highest standards of security.
What is Avaya Doing to Help You to be Compliant With GDPR?
Avaya has worked on a number of different areas to enable its customers and channel partners to be GDPR-compliant when relying on Avaya solutions. Here are the most relevant:
- Contractual Commitment to Privacy
- Security of Processing
- Data Protection by Design and Default
- Fulfilment of Data Subject Rights
- International Transfers
Contractual Commitment to Privacy
We stand behind you. Avaya has rolled out brand-new GDPR compliant Data Processing Addendum and offers it to its customers and channel partners that are in scope of GDPR. This document fulfils legal requirements under GDPR and gives the necessary contractual rights so that Avaya customers and channel partners are in control of the Personal Data entrusted to Avaya for processing.
Security of Processing
Data security is a top priority for Avaya, just as it is for Avaya customers and channel partners. Avaya has highly-skilled professionals to help ensure processing of information and Personal Data under its custody and responsibility is protected, whether related to Avaya remote maintenance solutions, our cloud offerings or to any other solutions where Avaya processes data.
Data Protection by Design and Default
Avaya’s portfolio of on premises and cloud-based solutions have embedded technology features that enable its customers and channel partners to meet privacy by design and default requirements. Furthermore, Avaya is here to advise on the individual settings of respective system and to work with your team to make sure you are able to use our solutions in the most privacy-enhancing ways.
An overview of privacy-related security controls and available methods of access and handling of various types of personal data within Avaya products as well as instructions on how to locate the Data Privacy and Controls Addendums for specific products in the portfolio are available here.
Fulfilment of Data Subject Rights
GDPR contains several data subject rights (e.g., the right to erasure or correction) that can be addressed once Personal Data is located. When Avaya acts as a “data processor” on behalf of its customers we will help our customers to comply with legitimate data subject rights requests. Please direct any such requests to email@example.com.
Avaya is a multinational organization being able to provide world class support 24/7. To do this Avaya uses various locations around the globe. This geographic diversity means Personal Data may be processed from various international locations. Reflecting our commitment to data protection principles, Avaya has obtained the approval from the European Data Protection authorities for our Binding Corporate Rules, both as a processor and as a controller of Personal Data. This approval speaks for Avaya’s uniform and advanced data handing practices, regardless of whether Personal Data is processed in the EU or outside it.
Please refer to this document for additional details.
Let us know if you have any questions with respect to Avaya and GDPR or need support for your data handling activities. Please contact your local Avaya representative or reach out directly to Avaya Global Privacy Office at firstname.lastname@example.org and we will address all your questions and support your individual needs.