On the 25th of May 2018 The European Union (EU) will implement a new set of laws designed to strengthen the privacy rights of EU citizens called the General Data Protection Regulation. These new laws affect how EU citizen’s personal data is collected, processed and used, no matter where a business or organization is located. They have been created in response to the increasing globalization of business, international flows of personal data, and the rapid advancements of the technologies that make these flows possible.
Does WiseTech Global make commitments to its customers with regard to the GDPR?
The GDPR requires that controllers (such as customers using WiseTech Global’s CargoWise One logistics software solutions) only use processors (such as WiseTech Global) that provide sufficient guarantees to meet key requirements of the GDPR. WiseTech Global has taken the proactive step of providing these commitments to all Maintenance and Licensing agreement customers as part of their agreements.
Where can I find WiseTech Global’s contractual commitments with regard to the GDPR?
You can find WiseTech Global’s contractual commitments with regard to the GDPR in the online GDPR Terms. WiseTech Global’s Maintenance and Licensing agreements include the GDPR Terms, which provide WiseTech Global’s core privacy and security commitments, data processing terms, EU Model Clauses, and our GDPR Terms. The GDPR Terms commit WiseTech Global to the requirements on processors in GDPR Article 28. WiseTech Global extends the GDPR Terms commitments to all Maintenance and Licensing agreement customers, regardless of the applicable version of customer’s agreement.
What commitments are in the GDPR Terms?
WiseTech Global’s GDPR Terms reflect the commitments required of processors in Article 28. Article 28 requires that processors commit to:
- only use subprocessors with the consent of the controller and remain liable for subprocessors;
- process personal data only on instructions from the controller, including with regard to transfers;
- ensure that persons who process personal data are committed to confidentiality;
- implement appropriate technical and organizational measures to ensure a level of personal data security appropriate to the risk;
- assist controllers in their obligations to respond to data subjects’ requests to exercise their GDPR rights;
- meet the breach notification and assistance requirements;
- assist controllers with data protection impact assessments and consultation with supervisory authorities;
- delete or return personal data at the end of provision of services; and
- support the controller with evidence of compliance with the GDPR.
Under what basis does WiseTech Global facilitate the transfer of personal data outside of the EU?
On and from 25 May 2018, WiseTech Global will be using the Standard Contractual Clauses (also known as the EU Model Clauses) as a basis for transfer of data for its enterprise online services. The Standard Contractual Clauses are standard terms provided by the European Commission that can be used to transfer data outside the European Economic Area in a compliant manner. WiseTech Global has incorporated the Standard Contractual Clauses into all of our Maintenance and License Agreements via the GDPR Terms.