Customer Communication Regarding GDPR
Thank you for your interest in how Extreme Networks is preparing for the GDPR. We take data protection and data privacy very seriously, as we know you do too.
Development of our thorough, company-wide GDPR compliance programme is well underway. This programme has been specifically tailored to ensure we meet our obligations under the GDPR, and continue to improve the good data protection practices that we have developed across the company.
In particular, our compliance programme includes the following steps:
- Customer Contract Amendments: we are preparing GDPR-ready amendments that will be implemented where needed across our customer contracts. These will ensure that customer agreements are updated where necessary to comply with the GDPR, and data moving between Extreme and our customers does
- Vendor Contract Amendments: we are carrying out a similar contract review and update process for our vendor agreements.
- Data Transfers: we are revising our data transfer solutions to bring them in line with the new GDPR requirements for cross-border transfers, both inside and outside the European Economic Area.
- IT Security: As part of Extreme’s continuous IT Risk Management and Security Compliance program, the GDPR requirements have been folded into our wider data privacy controls to ensure all stakeholder data, whether internal or external, is suitably managed
In addition, we have analyzed our existing range of products and services with a focus on GDPR requirements and compliance. Our products and services are designed with network security in mind, and, depending on the product, are specifically engineered to help you assess and address the security of your network—a key step on the road to meeting your GDPR compliance obligations (see Thinking Beyond GDPR). Additionally, to the extent the products and services we offer involve the processing or storage of your (or your customers’) personal data, placing Extreme Networks in the role of a Data Processor, we will have safeguards in place to ensure this processing activity meets GDPR requirements. Importantly, Extreme does not typically engage in the processing of sensitive personal data (e.g., details about an individual’s race, ethnicity, or sexual orientation).
In closing, the GDPR currently is a major priority for us, just as it is for you. We appreciate the importance compliance plays for you, and are busy putting into practice the steps outlined above.