Q&A - Sisense and the GDPR
GDPR - Overview
GDPR stands for the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council). The GDPR replaced the EU Data Protection Directive (Directive 95/46/EC of the European Parliament and of the Council) and came into effect on May 25, 2018 as the European Union’s (EU) data protection regulation.
The main goal of the GDPR is to ensure the legal and safe processing of personal data of European individuals. It is considered as the gold standard in terms of the protection of personal data, and, it is expected, that a majority of the countries will soon adopt and be protected by modern privacy laws that are in the same vein as GDPR.
The GDPR applies to all organizations that have establishments in the EU and to organizations that process personal data of European individuals.
Personal data only includes information relating to persons who: (i) can be identified directly or indirectly from the information in question; or (ii) who can be indirectly identified from that information in combination with other information. For example, personal data may include names, identification numbers, location data, online identifiers, home addresses, etc.
As a service provider, when processing personal data as part of our solutions and services, Sisense is a data processor and Sisense’s customers are the data controllers. Sisense could also be considered a subprocessor if it is engaged by another services provider.
Data Transfers under GDPR
Yes, provided that the transferring entity puts certain approved measures in place. Sisense relies, among others, on the Standard Contractual Clauses (SCC), also called Model Clauses, to safely transfer data outside of the European Economic Area (EEA).
On July 16, 2020, the Court of Justice of the European Union (CJEU), in the decision known as “Schrems II”, ruled that the SCC can be relied on as a data transfer mechanism, subject to the data controller’s case-by-case analysis (known as a Transfer Impact Assessment).
Absolutely. After the European Commission published its new set of SCC on June 4, 2021, we have updated our standard DPA (Data Processing Addendum) form.
Our standard DPA form applies automatically to all new Sisense customers starting on September 27, 2021 (the date on which the new SCC came into effect). If you are an existing customer and wish to update your existing DPA with Sisense, please reach out to your support team at Sisense.
Sisense has put in place a number security measures to ensure that the personal data of European individuals remains protected outside of Europe. In addition to our compliance with the new SCC (as described above), Sisense’s standard DPA form elaborates on our commitment to confidentiality and protection of our customer’s personal data, the security measures we have put in place and our general compliance process with GDPR. You may find all this information in our standard DPA form.
In light of the “Schrems II” decision and the guidelines of the European regulators, Sisense has prepared a whitepaper that may assist our customers and prospects to perform their Transfer Impact Assessment (TIA) in relation to Sisense’s products and services and their data transfers to Sisense.
In this whitepaper, Sisense elaborates on commonly asked questions regarding personal data transfers to Sisense and the safeguards and “supplementary measures” implemented by Sisense in relation to such transfers.
If you want to get a copy of this whitepaper, please reach out to your support team at Sisense.
The ‘Brexit’ and the UK GDPR
Certainly. After the United Kingdom left the European Union, it adopted its own version of GDPR (known as UK GDPR) and its own Model Clauses (known as the UK SCC). Our standard DPA form incorporates the new UK SCC. Of course, the rest of the measures described above apply to these transfers as well.
Last but not least
Sisense’s Privacy Team is always available to discuss privacy, data protection and our compliance with the GDPR and the UK GDPR, the new SCC and the UK SCC, and any other privacy-related question or concern. Please feel free to contact us at [email protected].