An Enhanced EU Support Policy for Workday Customers

Providing a safe port for our customers’ data is the top priority for Workday, and a topic I am passionate about. All Workday customers should be confident that their data is protected and secure regardless of where the data is processed.

However, we recognize that some customers remain concerned about data transfers, following the ECJ’s decision that invalidated the Safe Harbor provisions for transferring data from the EU to the US, and we want to provide European headquartered customers the choices they need to make the right decisions for their organisations.

This morning during the opening keynote at Workday Rising Europe in Dublin, we announced an enhanced EU support policy enabling customers in our European data centers, whose data is processed and backed up in Europe, to choose to have their data supported only by personnel based in Europe or other countries with data privacy adequacy. Workday provides support, technical operations, performance analysis, and development capability based out of Europe.

This policy will be operational in the first half of 2016.

As we shared earlier this week, every customer can choose to continue to receive global support through European Commission approved Standard Contractual Clauses (SCCs), which were unaffected by the Safe Harbor court decision. These customers will have all the protections engineered into Workday’s industry-leading security and privacy programs.

Transparency is the foundation for how we do business at Workday. We distinguish ourselves in the industry by clearly telling our customers where their data is stored, and where it is backed up. We provide customers with visibility to Workday’s security and privacy controls through third-party audits (SOC-1 and SOC-2), through ISO Certifications (27001 and 27018), as well as our Customer Audit Program.

Once the enhanced support policy is implemented fully, that too will be audited in our next round of SOC1 and SOC2 reports—a process that happens every six months. We will, of course, also continue to monitor new regulatory changes to ensure that our customers’ data has the highest level of protection.

With this latest news, we are demonstrating once again that we not only listen to our customers, but that our superior solution architecture and our global support operations allow us to quickly implement changes that make a difference to our customers.