• Location
    • Select Your Region
    • Region Name 1
    • Region Name 2
    • Region Name 3
    • Region Name 4
    • Region Name 5
Get a Free Trial
Got It!

The website uses cookies. Cookies allow us to give you the best browsing experience possible and mean that we can understand how you use our site. By continuing to use this website, you are giving consent to cookies being used. For more information, please see our privacy policy. Privacy Policy

ConnectWise Partners

Are You Ready for GDPR?

GDPR is coming whether your business is ready or not. Prepare your company with a sound strategy around personal data collection!

ConnectWise has self-certified to the EU- US Privacy Shield, and has used Privacy Shield as the basis to transfer EU personal data to the US in compliance with the EU data protection requirements in the GDPR. On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring the EU-U.S. Privacy Shield Framework is no longer a valid mechanism for such transfers. This decision does not relieve participants in the EU-U.S. Privacy Shield of their obligations under the EU-U.S. Privacy Shield Framework. The U.S. Department of Commerce will continue to administer the Privacy Shield program and ConnectWise will continue to participate in the EU-U.S. Privacy Shield.

The GDPR provides for other valid legal mechanisms (including EU Standard Contractual Clauses) for ConnectWise to transfers of personal data from the European Economic Area to the US in relation to ConnectWise's services. ConnectWise has updated our Data Processing Addendum to implement the Standard Contractual Clauses in place of Privacy Shield.

Even though Privacy Shield is no longer a lawful basis for transfer, ConnectWise will continue to participate in and maintain its certification under Privacy Shield. This means that ConnectWise will continue to fulfill its Privacy Shield obligations. This includes that ConnectWise will continue to adhere to the Privacy Shield principals in respect of the data that ConnectWise collected under Privacy Shield. ConnectWise will also continue to offer the Privacy Shield arbitration and redress mechanisms.

What is GDPR?

GDPR refers to the European Union General Data Protection Regulation. It’s arguably one of the most notable privacy and data protection regimes, particularly because of its far-reaching application. GDPR is intended to streamline and harmonize several different privacy laws that existed across individual European Union Member States. GDPR is designed to empower individual data subjects, giving them more control over their own privacy and the usage of their personal data.

"Personal data is any information relating to an individual, whether it relates to his or her private, professional, or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address."

— the European Commission

Why Should Partners Care?

This new regulation strengthens previous data protection efforts in the EU, providing additional enforcement powers for protecting data subjects’ personal data. The GDPR spells out the rights of data subjects, including:

Right to Consent

Companies must generally provide a clear and legible way to obtain consent from data subjects before processing their personal data. It must be as easy for an individual to withdraw consent as it is for the individual to give it.


Right to Access

Data subjects have the right to access their personal data and obtain information on how their personal data is being utilized by a company.


Right to be Forgotten

Data subjects have the right to request that any personal data collected from them be erased by the same companies that collected it, subject to certain conditions.

When Does it Go into Effect?

May 25, 2018 is the global enforcement date for GDPR.

In addition, GDPR also imposes mandatory breach notification obligations whenever a company experiences a data breach that is likely to “result in a risk for the rights and freedoms of individuals”. There are incentives for regulators across Europe to enforce these personal data rights; companies found to be in non-compliance with certain GDPR requirements can be fined up to 4% of their total worldwide annual revenue or €20 Million (whichever is greater).

How Far Does GDPR Reach?

As mentioned, one of the most notable changes from the existing EU framework is GDPR’s far-reaching application. Per the EUGDPR.org website, the rules apply to both controllers and processors meaning 'clouds' will not be exempt from GDPR enforcement. So even if your organization does not have a physical presence in the EU, you may be subject to GDPR.

What Should You Do?

If you haven’t yet prepared for GDPR, now is the time to do so. Partners may consider conducting a GDPR assessment and obtaining legal counsel for their business to advise on GDPR obligations. As part of the process, partners may consider reviewing their data collection policies and processes, and taking steps to understand what personal data the company collects and where it’s stored. Can you provide a well-defined purpose for collecting each piece of data from your customers, if asked? Do you have clear mechanisms to obtain consent where required? Be prepared!

Helpful Links to Learn More

Please be advised that ConnectWise is not your attorney, and this information is not legal advice. This information does not provide, does not constitute, and should not be construed as, legal advice. It is for educational purposes only and is not to be acted or relied upon as legal advice. Use of this information does not create any attorney-client relationship between you and ConnectWise. The information does not constitute legal advice and is not a substitute for competent legal advice from a licensed attorney representing you in your jurisdiction. Partners should seek advice from their legal counsel to determine your legal obligations.

Partner Support