How Workday Supports the Tenets of Data Privacy Day Year-Round

We live our lives increasingly online, making what we share with others in the digital world ever more significant. To that end, the internationally recognized Data Privacy Day is held annually on Jan. 28 to raise awareness about the importance of privacy and protecting personal information.

The day commemorates the 1981 signing of Convention 108, the first legally binding international treaty addressing data protection, and highlights an issue that is of utmost importance to all of us in our daily lives.

At Workday we have joined other businesses and organizations in becoming a Data Privacy Day Champion, because the day’s themes of respecting privacy, safeguarding data, and enabling trust reflect our own priorities of protecting our customers’ data and our own employee data. While we are proud to be a Data Privacy Day Champion, we also know that privacy and data protection require year-round vigilance, and we remain strongly committed to protecting the personal data of our customers and employees.

Here’s how we embrace these principles in our daily actions.

Respecting Privacy

Workday is deeply committed to protecting our customers’ privacy. We provide our customers with an in-depth data protection commitment that sets forth our responsibilities and obligations as a data processor. In addition, we strongly support regulations that protect the cross-border transfer of personal data.

Specifically, Workday was one of the first companies to certify to the new EU-US Privacy Shield. Very recently, the U.S. Department of Commerce announced that a similar framework had been agreed upon with Switzerland for the transfer of Swiss personal data to the U.S. Workday will move quickly towards certification of the Swiss-U.S. Privacy Shield, which will be available on April 12, 2017.

In addition, we continue to actively monitor progress of the APEC Privacy Recognition for Processors System, and intend to certify once it is available. This certification will allow companies that conduct business in APEC member countries to demonstrate that their privacy management practices for processing personal data are compliant with the APEC Cross-Border Privacy Rules Framework. We will continue to maintain our certification as a controller with the APEC Cross Border Privacy Rules System.

Safeguarding Data

Workday has a single security model for all data, transactions, processing, and applications. All end users, administrators, and integrations use the same access mode, preventing situations where individuals access the data directly at the database level. This ensures that access and data changes are tracked and audited, lowering security risk.

Beyond technical controls, safeguarding data requires implementing extensive organizational controls. This month, the privacy team in our global offices conducted an internal awareness campaign, for teams ranging from product management through our support organization. This is part of our ongoing commitment to ensuring all employees safeguard customer data.

Enabling Trust

Workday customers take a trust-but-verify approach to gain assurance that Workday has the tools, technologies, processes, and controls in place to protect their data. To evidence these safeguards, Workday provides our customers with independent third-party audit reports such as Service Organization Control (SOC) 1 and SOC 2, as well as certifications to ISO/IEC 27001, ISO/IEC 27018, and PCI-DSS. We are pleased to announce that our most recent SOC 2 report covers all of the available AICPA Trust Services Principles: privacy, security, confidentiality, availability, and processing integrity. The audit results described in Workday’s SOC reports demonstrate that we have strong controls in all five of these areas.

Workday customers receive notifications when reports are available through a secured site, which also includes information about the Workday Trust Program. The goal of the Workday Trust Program is to create an open and transparent trust framework with our customers. It provides an overarching approach that encompasses all of the Workday initiatives in place and investments made to protect customer data. Recently, we added a dedicated space for data privacy, making it easier for our customers to find information and resources about topics, such as the General Data Protection Regulation, in one place.

At Workday we take the trust placed in us by our customers seriously. Data Privacy Day gives us the welcome opportunity to reflect on our continuous efforts to safeguard that trust.