Scribd Logo
Upload

Welcome to Scribd!

  • 22 views

    CNT 2774500

    Uploaded by

    Krumislav Doncov

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    CNT 2774500

    Uploaded by

    Krumislav Doncov
    22 views3 pages

    Original Title

    cnt2774500

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    22 views3 pages

    CNT 2774500

    Uploaded by

    Krumislav Doncov

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    You are on page 1of 3

    Oracle Products & Services

    and the EU General Data Protection Regulation

    Oracle understands how our customers collecting and handling personal data in the EU –
    both offline and online – need to manage and document their data handling practices and
    uses cases more carefully than ever before now that the General Data Protection
    Regulation (GDPR) is in effect. Over the past two years, we have been focused on how
    we can help you respond to those needs. We are confident that our work will simplify your
    compliance efforts, whether you are currently using Oracle products and services or are
    considering using them in the future.

    Addressing GDPR Requirements

    In preparation for GDPR, we began by analyzing how it would impact Oracle and then re-
    casting our global privacy compliance program accordingly. At a high level, we looked at
    our company from three different perspectives:

     as a data processor performing Cloud, Consulting/ACS, Technical Support and


    other services for our customers;
     as a vendor of software programs used on-premises by our customers; and
     as a data controller collecting and using personal data of EU/EEA residents in the
    internal operation of our business.

    We then appointed GDPR project owners in lines of business and operational


    organizations across the company to begin the work of identifying in-scope processing
    activities and product functionality, mapping them to our existing global data protection
    compliance framework, identifying where GDPR created new requirements, and then
    finally aligning processes, documentation, functionality, policies and contracts with those
    requirements.

    Under the guidance of Oracle’s Global Data Protection Officer and the Oracle Privacy
    Office, the GDPR project owners for services reviewed, documented and updated as
    necessary:

     Processing activities
     Categories of personal data, data subject and data recipients
     Data flows and data mapping
     Data retention periods
     Legal bases for processing and transfers
     Security controls, processes and practices
     Customer-facing privacy & security policies and contract terms
     Subprocessor management, including contract terms

    For Oracle on-premises products as well as Cloud services, we reviewed, documented and
    in some cases updated the privacy and security features and functionality. This included
    privacy features that can be used for data minimization, notice and consent,
    erasure/deletion, data portability and end-user access. It also covered security features
    such as access controls, authentication, separation of duties, auditing, encryption,
    anonymization, masking and logging.

    We included these activities as part of our internal global data protection compliance
    review, as well as GDPR transparency and education efforts such as revising and updating
    our privacy and security policies and training. We have also enhanced and empowered
    our privacy governance structure to drive these requirements throughout the company and
    help keep this work up to date and implemented as part of each employee’s job function.

    Throughout this time, we have also been keeping a close eye on relevant developments
    around GDPR, such as the EU Member State implementation process and guidance
    issued by privacy regulators.

    GDPR Customer Materials

    We are committed to helping you address GDPR requirements that are relevant to your
    use of our products and service offerings. To that end, we have enabled you to stay
    informed on our privacy & security product and service functionalities, documentation,
    policies and contract terms:

    1. Review our updated contract templates and policies

    Realizing the importance of a clear allocation of responsibilities between data controllers


    and processors, Oracle has released an updated Cloud Data Processing Agreement
    (DPA) in January, 20181 along with a DPA Statement of Changes and Guidance Document
    to help you map where GDPR requirements were incorporated into the DPA. The DPA
    speaks to Oracle’s obligations as a processor and includes clear purpose-limitation
    restrictions, data breach reporting requirements and data transfer restrictions. It also
    specifies how Oracle can help you comply with your controller obligations, for example by
    providing information relevant for your DPIAs.

    We also invite you to review our current customer-facing privacy and security policies,
    available online through www.oracle.com/contracts and www.oracle.com/privacy. These
    policies constitute a robust privacy and security framework that speaks to a considerable
    portion of the GDPR’s requirements.

    2. Explore our GDPR Customer Resource Center

    Oracle has created a GDPR Customer Resource Center, available in MyOracleSupport

    1
    Specific privacy and security terms may apply to selected Cloud services, such as Netsuite, Bronto or Moat Analytics.
    (Document ID 111.1), which provides three separate repositories of information.

     First, it contains subprocessor lists for Oracle services, and enables you to sign
    up your DPO, CSO or other designed contact to receive updates on changes to
    these lists.
     Second, it contains privacy and security feature guidance for product families of
    on-premises licenses as well as Cloud and other services relevant to key tenets of
    GDPR, including encryption, data portability and data retention.
     Third, it contains a record of processing template with links to applicable security
    policies, descriptions of processing activities, and contact details of our Global
    DPO, designed to assist you with your Article 30 documentation requirements.

    3. Learn more about our security and cloud offerings

    Oracle maintains a GDPR landing page for Oracle Applications as well as one for Oracle
    Security Solutions where you can learn in greater detail how specific Oracle products and
    services can be used to help meet your GDPR compliance needs. These landing pages
    also keep you updated on our GDPR events and webcasts, white papers, newsletters and
    analyst reports.

    GDPR Partnership

    As a global enterprise who has gone through the GDPR compliance process itself, Oracle
    fully appreciates what is involved, what is required, and what the stakes are. We are here
    to help, and hope that this information and our GDPR materials give you a sense of the
    work we have been doing to help our customers meet their GDPR challenges.

    We look forward to participating in that partnership, and invite you to consult your Oracle
    sales representative if you have further questions about Oracle product and service
    options that may help address your GDPR compliance needs.

    Disclaimer: The information in this document may not be construed or used as legal advice about the content, interpretation
    or application of any law, regulation or regulatory guideline. Customers and prospective customers must seek their own legal
    counsel to understand the applicability of any law or regulation on their processing of personal data, including through the
    use of any vendor’s products or services.

    Copyright © 2018, Oracle and/or its affiliates.


    Contact Us | Legal Notices and Terms of Use | Privacy Statement
    All rights reserved.

    You might also like

    pFad - Phonifier reborn

    Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

    Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


    Alternative Proxies:

    Alternative Proxy

    pFad Proxy

    pFad v3 Proxy

    pFad v4 Proxy