Cloud Coach is committed to best practices regarding your privacy. On 25 May 2018, authorities from the European Union (EU) began enforcing the EU General Data Protection Regulation (EU GDPR). The EU GDPR expanded and protects the rights of individuals and increases the obligations on businesses that collect personal data about individuals in the EU. The EU GDPR protects all EU citizens, no matter where the business is located.
Following the United Kingdom’s (UK) decision on 23 June 2016 to leave the European Union, and the end of the transition period for the UK’s exit from the EU on 1 January 2021, the UK General Data Protection Regulation (UK GDPR) now applies in the UK along with the Data Protection Act (DPA) 2018.
References to ‘GDPR’ or ‘General Data Protection Regulation’ below shall include both the EU GDPR and the UK GDPR.
In order to support the regulations set forth in the GDPR and ensure compliance with data protection law, Cloud Coach has actively implemented data protection policies and processes.
Here is additional information about GDPR.
The EU General Data Protection Regulation is a fully re-written and updated data protection law for the European Union. It was created to simplify the disparate laws across the EU that handled data privacy into a single regulation. This supported the EU’s digital single market strategy and strengthened the rights of individual citizens to control how their data is used.
The UK GDPR and the DPA 2018 ensure that the rights of individual citizens to control how their data is used remain protected to the same standard following the UK’s exit from the EU.
GDPR focuses on how companies process personal data: how companies use, store, collect and transfer the personal data of an individual “in the EU” or “in the UK”, as applicable, must comply with the law. This applies to any such individual, not just EU or UK citizens or businesses located in the EU or the UK.
Personal data covers any information related to an identified or identifiable individual (also called a “data subject”). Personal data includes any type of identifiable information, including gender, phone number, email address, mailing address, and online habits.
The GDPR provides expanded rights to individuals in the EU and the UK and increases the obligations on organizations to protect their personal data. Some of the key elements are:
Rights: The GDPR provides enhanced rights for individuals in the EU and the UK including portability, restriction, and deletion of personal data.
Accountability: To comply with GDPR, organizations must implement appropriate policies, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with suppliers to protect personal data.
Profiling and monitoring: Organizations that profile or monitor behavior of individuals in the EU or the UK have additional obligations under GDPR.
Security: Organizations must have technical and organizational measures to secure personal data, including measures such as pseudonymization and anonymization.
Data breach notification: The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects.
Enforcement: Authorities can fine organizations up to the greater of €20 million (£17.5 million in the UK) or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred.
One stop shop: The EU GDPR introduced the concept of a lead supervisory authority to allow organizations operating in many EU countries to work with one data protection authority rather than many for matters such as cross-border data protection issues and enforcement.
For more information on the EU GDPR, you can visit the official EU GDPR website.
For more information on the UK GDPR, you can visit the Data Protection page of the official UK Government website and the guidance provided by the Information Commissioner’s Office.
No, personal data of UK and EU data subjects can be transferred internationally subject to the provisions of the GDPR; for example, where the recipient country has been deemed ‘adequate’ by the UK Government or the European Commission, as applicable, or where we put ‘appropriate safeguards’ in place. Please see our privacy notice for further details on where we send your personal data.
Cloud Coach & GDPR
Cloud Coach sees the GDPR as an important step toward consolidating and streamlining data protection law across the EU. We see GDPR as an opportunity to reinforce our commitment to data protection. Compliance with the GDPR requires a partnership between Cloud Coach, our suppliers in providing services to support our business, and our customers in their use of our services.
At Cloud Coach, we are committed to complying with the forthcoming GDPR. We have looked at the requirements closely and actively ensure that appropriate updates are made to our contracts, documentation, and processes to support our compliance with the GDPR.
Cloud Coach is the only project management solution that is 100% native on the Salesforce Platform and offers four tiers of solutions to meet any business need. Salesforce is highly committed to GDPR compliance. Trust is the number one value for Salesforce and Cloud Coach – nothing is more important to both companies than the protection of our customers’ data.
Cloud Coach's Commitment to Data Protection
Cloud Coach is committed to the success of our customers and the protection of our customers’ data. Cloud Coach’s security overview describes the architecture and infrastructure of our services, the security- and privacy-related audits and certifications we inherit from Salesforce, and applicable administrative, technical, and physical controls material to our services.