General Data Protection Regulation (GDPR)

Customer Communication Regarding GDPR

Thank you for your interest in how Extreme Networks is preparing for the GDPR. We take data protection and data privacy very seriously, as we know you do too.
Development of our thorough, company-wide GDPR compliance programme is well underway. This programme has been specifically tailored to ensure we meet our obligations under the GDPR, and continue to improve the good data protection practices that we have developed across the company.

In particular, our compliance programme includes the following steps:

  • Customer Contract Amendments: we are preparing GDPR-ready amendments that will be implemented where needed across our customer contracts. These will ensure that customer agreements are updated where necessary to comply with the GDPR, and data moving between Extreme and our customers does so lawfully.
  • Vendor Contract Amendments: we are carrying out a similar contract review and update process for our vendor agreements.
  • Education and Training: we are producing an entirely new set of GDPR-compliant guidelines and internal policies. These detailed materials each address a different Extreme Networks business function, and set out how our global Data Privacy Policy and core data processing principles apply in practice. They are carefully designed to enhance employee awareness of the GDPR and ensure that any relevant obligations under the new legislation are understood and met day-to-day. To take one example, our ‘Privacy by Design Guidelines’ help ensure that privacy concepts are ‘built in’ to systems, projects and products at the outset, setting out the requirements for Privacy by Design and by Default, and identifying the key issues to consider and questions to ask before initiating a new project that will involve the processing of personal data.
  • Data Transfers: we are revising our data transfer solutions to bring them in line with the new GDPR requirements for cross-border transfers, both inside and outside the European Economic Area.
  • IT Security: As part of Extreme’s continuous IT Risk Management and Security Compliance program, the GDPR requirements have been folded into our wider data privacy controls to ensure all stakeholder data, whether internal or external, is suitably managed and protected.

In addition, we have analyzed our existing range of products and services with a focus on GDPR requirements and compliance. Our products and services are designed with network security in mind, and, depending on the product, are specifically engineered to help you assess and address the security of your network—a key step on the road to meeting your GDPR compliance obligations (see Thinking Beyond GDPR). Additionally, to the extent the products and services we offer involve the processing or storage of your (or your customers’) personal data, placing Extreme Networks in the role of a Data Processor, we will have safeguards in place to ensure this processing activity meets GDPR requirements. Importantly, Extreme does not typically engage in the processing of sensitive personal data (e.g., details about an individual’s race, ethnicity, or sexual orientation).

In closing, the GDPR is currently a major priority for us, just as it is for you. We appreciate the importance compliance plays for you, and are busy putting into practice the steps outlined above.