Two years into the global pandemic, video conferencing has not only become a part of our daily routines, but it has also become the way we do business, how we learn, and the way we stay close to friends and family. It has gone from being a useful tool to becoming mission critical.
Moving a large part of our lives online and embarking on the hybrid work journey also brings up questions, such as which video conferencing system is most suited to an organization’s or individual’s needs, and what level of data protection and privacy is offered. Customers, users, and data protection authorities across Europe want to make sure personal data is protected – and rightfully so.
To help organizations make these important decisions, ahead of International Privacy Day, we wanted to address five key topics relating to Webex by Cisco and privacy.
Cisco Webex: compliance with the GDPR
Webex was engineered with data protection by design and default, and can be used by customers in compliance with the GDPR and similar privacy laws around the world.
Webex has been declared adherent to the EU Cloud Code of Conduct (EU Cloud CoC), demonstrating it can be used in compliance with the GDPR. The EU Cloud CoC solidifies the legal requirements of Article 28 of the GDPR for its practical implementation within the cloud market. The European Data Protection Board (EDPB), which includes all EU Member State Data Protection Authorities, has reviewed and approved the EU Cloud CoC. SCOPE Europe, an independent monitoring body, confirmed Webex meets all the requirements of the EU Cloud CoC.
For more information about Webex and the EU Cloud CoC, see Webex by Cisco earns adherence to the EU Cloud Code of Conduct.
EU data residency: ahead of schedule
Localized data processing in the EU is not an explicit regulatory requirement – GDPR allows for international data transfer mechanisms, derogations, and exceptions. Nonetheless, we provide customers with an appropriate level of choice and control over their data, including where data is stored and processed.
In July 2021, we opened a new data center in Frankfurt, Germany. For our EU customers, this means that all user-generated content (like messages, recordings, and files) for Webex, alongside user profiles and analytics, is stored in the EU, in our data center in Frankfurt, with a back-up in Amsterdam, Netherlands. We’re on track to deliver data residency for any remaining data as well in the EU in 2022.
Read more about our data migration process on our Webex Blog, Celebrating major strides towards full EU data residency for Webex customers.
Webex: a 360-degree approach to security
Security and privacy are core to Cisco. Protecting customer data is an ongoing priority and we continuously invest in compliance capabilities and in meeting international security and privacy standards.
Webex has a 360-degree approach to security, including strong encryption, highly secure search, system and browser security, and retention and archiving defined by customers’ policy. Only authenticated users can view messages and files in Webex spaces.
We integrate security and privacy from the earliest stages of development, making sure they’re built in by design, not bolted on after the fact. The Cisco Secure Development Lifecycle (CSDL) follows a secure-by-design philosophy from product ideation, through operation, to end-of-life. Privacy Impact Assessments (PIAs) are a required step in the CSDL process and must be completed before products are approved for launch.
In addition, Cisco has a longstanding “no backdoor” policy. We prohibit undisclosed product features that are designed to allow unauthorized system or network access, expose sensitive system information, or bypass security features or restrictions.
Webex was built to follow highly recognized privacy frameworks such as:
- EU Binding Corporate Rules – Controller
- C5 certification by the German BSI (defining security level for cloud computing)
- ISO 27001 (information security management)
- ISO 27017 (implementing information security processes)
- ISO 27018 (protecting personally identifiable information in public clouds)
- ISO 27701 (privacy information management)
- SOC 2 Type II (controls for safeguarding customer data)
- APEC Cross Border Privacy Rules
- APEC Privacy Recognition for Processors
Safeguard measures in line with the Schrems II ruling
The processing of personal data across international borders by Webex complies with the requirements of the Court of Justice of the European Union’s (CJEU) Schrems II ruling. We use approved transfer mechanisms listed in the GDPR, such as Binding Corporate Rules (BCR)–Controller and the new Standard Contractual Clauses (SCCs), together with additional technical, contractual and organizational measures. These additional safeguards follow the EDPB’s Recommendations for international data transfers in light of the Schrems II decision.
Read more about our response to Schrems II.
Note that the GDPR does not prohibit cross-border data transfers. It supports and promotes the safe and secure, global free flow of personal data, as long as the processing adheres to the EU standard of care. As the CJEU clarified in Schrems II, GDPR transfer mechanisms with additional safeguards can be used to legally transfer and process EU personal data outside of the EU.
Webex, Third Parties and our Principled Approach
We do not sell, monetize, or share customer personal data with third parties for marketing or advertising purposes.
In some cases, Cisco engages with service providers to assist in offering services for Webex. As sub-processors, these service providers operate only upon written instructions from Cisco and maintain the same level of security and privacy as we do. We are transparent with our customers about how their data is processed via our Privacy Data Sheets.
All Cisco sub-processors undergo a rigorous security and privacy assessment to confirm their compliance with our requirements. They are further bound by a data processing agreement which incorporates the EU Standard Contractual Clauses and places strict limits on their use and processing of any data provided by us or our Webex customers and users. Our Supplier Data Protection Agreement templates were part of the submission package for our BCR-Controller approval and Webex’s adherence to the EU Cloud Code of Conduct verification. EU regulators and independent assessors have confirmed our compliance.
Finally, if any government requests access to customer data, such as in case of a law enforcement process, we apply our ‘Principled Approach’. This states that, if we were to receive a government request to access data, Cisco does not routinely hand over data in response. First, we will seek to notify the customer and redirect the request to them as the data controller. We have publicly declared these commitments as a signatory to the Trusted Cloud Principles and included them in our customer contracts.
Twice a year, we publish transparency reports and publicly disclose information about the number and types of government demands for customer data we received for the relevant time period, and our responses.
We are committed to protecting data, respecting privacy, and delivering secure technologies and solutions to meet our customers’ needs. We welcome a conversation on privacy and security with customers, users, and data protection authorities alike. We hope our answers above help clarify our approach, our commitment to privacy and security, and the concrete actions we take to support that commitment.
For more information, visit the Webex Trust Center or get in touch with us.