- Select Your Region
- Region Name 1
- Region Name 2
- Region Name 3
- Region Name 4
- Region Name 5
ConnectWise has self-certified to the EU- US Privacy Shield, and has used Privacy Shield as the basis to transfer EU personal data to the US in compliance with the EU data protection requirements in the GDPR. On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring the EU-U.S. Privacy Shield Framework is no longer a valid mechanism for such transfers. This decision does not relieve participants in the EU-U.S. Privacy Shield of their obligations under the EU-U.S. Privacy Shield Framework. The U.S. Department of Commerce will continue to administer the Privacy Shield program and ConnectWise will continue to participate in the EU-U.S. Privacy Shield.
The GDPR provides for other valid legal mechanisms (including EU Standard Contractual Clauses) for ConnectWise to transfers of personal data from the European Economic Area to the US in relation to ConnectWise's services. ConnectWise has updated our Data Processing Addendum to implement the Standard Contractual Clauses in place of Privacy Shield.
Even though Privacy Shield is no longer a lawful basis for transfer, ConnectWise will continue to participate in and maintain its certification under Privacy Shield. This means that ConnectWise will continue to fulfill its Privacy Shield obligations. This includes that ConnectWise will continue to adhere to the Privacy Shield principals in respect of the data that ConnectWise collected under Privacy Shield. ConnectWise will also continue to offer the Privacy Shield arbitration and redress mechanisms.
GDPR refers to the European Union General Data Protection Regulation. It’s arguably one of the most notable privacy and data protection regimes, particularly because of its far-reaching application. GDPR is intended to streamline and harmonize several different privacy laws that existed across individual European Union Member States. GDPR is designed to empower individual data subjects, giving them more control over their own privacy and the usage of their personal data.
Right to Consent
Companies must generally provide a clear and legible way to obtain consent from data subjects before processing their personal data. It must be as easy for an individual to withdraw consent as it is for the individual to give it.
Right to Access
Data subjects have the right to access their personal data and obtain information on how their personal data is being utilized by a company.
Right to be Forgotten
Data subjects have the right to request that any personal data collected from them be erased by the same companies that collected it, subject to certain conditions.
If you haven’t yet prepared for GDPR, now is the time to do so. Partners may consider conducting a GDPR assessment and obtaining legal counsel for their business to advise on GDPR obligations. As part of the process, partners may consider reviewing their data collection policies and processes, and taking steps to understand what personal data the company collects and where it’s stored. Can you provide a well-defined purpose for collecting each piece of data from your customers, if asked? Do you have clear mechanisms to obtain consent where required? Be prepared!
Please be advised that ConnectWise is not your attorney, and this information is not legal advice. This information does not provide, does not constitute, and should not be construed as, legal advice. It is for educational purposes only and is not to be acted or relied upon as legal advice. Use of this information does not create any attorney-client relationship between you and ConnectWise. The information does not constitute legal advice and is not a substitute for competent legal advice from a licensed attorney representing you in your jurisdiction. Partners should seek advice from their legal counsel to determine your legal obligations.