Since our July 2017 update on compliance with the European General Data Protection Regulation (GDPR), many customers have contacted us for more information on how the GDPR may affect their continuing use of Autotask products. While we will continue to respond to these inquiries as they are received, we are providing this general update to assist all our customers as they move toward compliance.
Worldwide Product Compliance
Many of our customers operate in multiple jurisdictions around the world. To ensure a consistent user experience, Autotask intends to apply GDPR requirements to our products worldwide. We believe that use of uniform rules and program logic will greatly enhance our customers’ ability to comply with the GDPR’s requirements.
Cross-Border Data Transfers and Data Storage
The GDPR imposes specific requirements and limitations on data transfers from the EU to countries outside the EU. Autotask currently offers a Data Processing Addendum containing standard contractual clauses allowing such transfers. We anticipate continuing to facilitate data transfers via standard contractual clauses after the implementation of the GDPR and are evaluating other legal bases for data transfer to ensure that our business partners and customers can continue to seamlessly use Autotask products after May 2018.
Autotask also understands its EU-based customers are concerned regarding the potential impact of Brexit on data stored in our UK data center. We have no reason to believe that we will not be able to continue to process data for our EU-based customers in the UK post-Brexit. We are, however, preparing contingency plans to ensure that we can continue to provide uninterrupted service should Brexit have unexpected impacts on EU-UK data transfers.
PII Collected Regarding Users of Autotask Products
By design and default, Autotask’s products collect only limited amounts of personally identifiable information (PII). The types of PII collected are those that Autotask has determined are necessary for our products to function and to provide the services our customers have requested. Examples of the types of PII collected by our products include user name, email address, and log data (such as log on times, IP address, and files accessed). Autotask is reviewing its data collection practices to determine whether any changes are necessary or appropriate prior to the GDPR’s effective date.
PII Collected by Autotask Business Partners and Customers
Many of our customers use Autotask products to collect, process, and store PII. In these situations, Autotask functions as the data "processor." Decisions on what data to collect, how long it is stored and how it is used reside with customers who act as the data "controller."
As the GDPR implementation date approaches, we are reviewing our systems and processes to ensure that we will be able to fully comply with our obligations as a processor, including providing required assistance to our customers in fulfilling their obligations as controllers.
We are actively working to develop enhanced product features that we expect will help streamline our customers’ compliance efforts. We expect to implement those features well before the GDPR goes into effect next year. In particular, to the extent not already incorporated into our products, we plan to deliver product enhancements to address specific heightened GDPR requirements relating to notice, consent, access, correction, erasure (the "right to be forgotten"), and portability.
Because the specific product features used by our customers and the data they collect vary greatly (including use of custom data fields and unique application integrations), we encourage customers who have specific questions or requests relating to GDPR compliance to contact us at firstname.lastname@example.org.
In May 2018, a new European privacy law, the General Data Protection Regulation (“GDPR”), goes into effect. The GDPR fundamentally changes European privacy law and requires all companies that handle “personal data” of individuals in the EU to adopt more stringent privacy and security practices. (For our customers in the UK, to date, all indications are that the UK will adopt national laws that substantially mirror the GDPR even after Brexit.)
Consistent with our corporate focus on customer privacy and security, Autotask is making a substantial investment of time and resources to ensure its products and services are fully GDPR compliant by May 2018. These investments include a comprehensive company-wide review of all Autotask business relationships, products, services and data handling practices. Autotask’s compliance effort is being led by its global Privacy Team, whose members include senior executives and product specialists from key functional areas and geographic regions and who have deep knowledge of and experience with Autotask’s products and data handling practices. Key tasks being managed by the Privacy Team include but are not limited to:
Over the next several months, we will be reaching out to our resellers and customers with updates on our GDPR compliance efforts and with important information on any changes to Autotask contracts, licenses, products, services and business practices that may affect sale and use of our products and services.
In the meantime, Autotask’s GDPR compliance efforts are only one piece of a much larger effort. The GDPR imposes significant obligations on all entities that process personal data, including Autotask resellers and customers who have their own privacy, security and data processing obligations.
Autotask recommends that all resellers and customers who use Autotask products and services to process “personal data” begin working with their legal and technical advisers to ensure that their data handling practices comply with the complicated requirements of the GDPR. Key issues that should be addressed include:
Answering these questions and the many others raised by the GDPR is critical to ensuring that your organization is GDPR-ready by May 2018.
Autotask cannot provide you with advice on how the GDPR affects your organization generally (those are issues you must raise with your legal and other advisers), but we are here to help with any questions on how the GDPR affects your use of Autotask products. If you have specific questions about Autotask’s GDPR compliance efforts and how those efforts may impact your use of Autotask’s products and services, please contact us at email@example.com.
26 Tech Valley Drive, Suite 2
East Greenbush, NY 12061
Telephone +1 518 720 3500
Fax +1 518 720 3407