Data Privacy & GDPR

Extreme Networks is committed to the security, protection and privacy of personal data we collect about our customers and business partners. We are very aware of the growing public concerns about personal data protection.

The European Union’s General Data Protection Regulation (GDPR) is a response to these concerns. It aims to bring consistency to EU data protection laws, and to strengthen the security and protection of personal data by giving EU citizens a higher degree of control over their personal data and how it is used in the digital economy. Independent of their location, organizations that collect, store, or process the personal data of EU residents must be able to address these regulations as of May 25, 2018.

Extreme Networks welcomes the GDPR and has implemented related functionality in its Cloud Networking solution.

GDPR Compliance Enablement in ExtremeCloud IQ

Extreme Networks’ ExtremeCloud IQ is our network management system. It is equipped with a set of features that enables our customers to address GDPR-related obligations that result from the “rights to request and be forgotten”, by searching for, downloading and deleting personal data. In addition, ExtremeCloud IQ provides logging and audit tools to track these actions so our customers can better document them.

GDPR Compliance Enablement in Extreme Networks’ Cloud

Where in the Cloud is my Data?

Under GDPR, some data can only be stored or transferred where the state has jurisdiction or where an agreement is in place that protects that data – the data-residency requirement.

Extreme Networks’ public cloud supports this residency requirement. Our cloud architecture is designed so that customer networks from European countries are assigned to a data center located in the EU. Furthermore, customer network data never leaves its assigned data center. This in turn enables Extreme Networks and our customers to demonstrate compliance with data-residency requirements.

Data Security in the Cloud

Under GDPR, organizations are also required to design their technical and company processes to secure and protect the personal data they collect and process. With regard to our cloud infrastructure, Extreme Networks takes comprehensive measures to support these requirements, including:

  • Securing the data in our Global Data Center (GDC) and Regional Data Centers (RDC), including with threat-prevention measures, firewalling and penetration testing.
  • Strictly limiting access to our cloud infrastructure to a small number of designated Extreme Networks DevOps engineers.
  • Protecting data storage in the Extreme Networks cloud through encryption.

Additional information about Extreme Networks’ cloud security is located here.

GDPR with Extreme Networks: A Shared Responsibility

Under GDPR, Extreme Networks and the customers using Extreme Networks’ products and services have shared roles and responsibilities regarding GDPR compliance.

As the data processor, Extreme Networks assists our customers (the data controllers) in addressing their GDPR responsibilities, by providing functionality in our products and implementing appropriately secure handling and control of personal data in our cloud.

Additional information about how Extreme Networks supports our customers in their GDPR compliance initiatives is available in our whitepaper “GDPR and Extreme Networks”.

Additional information about the personal data we collect, how we use it and our associated responsibilities is available in the data privacy and protection section of our website.



Data Processor
GDPR defines the “Processor” as the natural or legal entity which processes personal data on behalf of the controller. With regard to Extreme Networks’ products or services, Extreme Networks is classified as a Processor of data because our cloud-networking solution processes network-related data, including personal data, for our customers.

Data Controller
Under GDPR, customers purchasing and using Extreme Networks products and services are considered the Controller of data, because they decide what kind of personal data is collected and how it is processed and stored in their network.

The Right to Request and Be Forgotten
Under GDPR, EU citizens and legal EU residents have several rights that provide them an increased level of control over their personal data. These include the rights to view the data that an organization has collected about them, to demand corrections to this data and to request deletion of their personal data. Extreme Networks has implemented functionality in our cloud networking solution that enables our customers to respond to these requirements.