GDPR compliance


Read this article for an overview of the GDPR. To learn how PureCloud addresses the GDPR and what your organization needs to know about PureCloud’s GDPR implementation, see PureCloud and GDPR compliance.

What is the GDPR?

The General Data Protection Regulation (GDPR) is a European Union regulation. It articulates the rights of people about the protection of their personal data. It also defines the responsibilities of organizations that collect and process personal data. Generally, the GDPR applies to individuals in the European Union. It deals with the responsibilities for organizations directing business to those individuals. GDPR enforcement date: 25 May 2018.

The GDPR “protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.” These fundamental rights include the right to access their personal data, rectify their personal data, and delete their personal data stored by an organization.

Personal data under the GDPR

The GDPR defines personal data broadly. More specifically, the GDPR sets for the definition of personal data in Article 4, section 1:
“‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;”.

GDPR rights

The GDPR provides the following rights for individuals:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

GDPR roles at Genesys

Genesys employees with roles related to GDPR:

  • Chief Privacy Officer – William Dummett
  • European Data Privacy Officer – Shahzad Muhammad Naveed Ahmad 
  • PureCloud Sr. Director of Security & Compliance – Eric Cohen CISSP, CIPM, CIPP/E

GDPR education

The General Data Protection Regulation (GDPR) is an important change in data privacy regulation. Genesys PureCloud invested a significant amount of time in GDPR training for the Security and Compliance team. Training and certification from The International Association of Privacy Professionals (IAPP) began in early 2017.

PureCloud GDPR project

PureCloud commissioned a GDPR project to:

  • Complete an updated data inventory and determine every location in which PureCloud stores/processes/transmits PII
  • Design and implement an API for our customers to implement their customers’ requests to exercise their fundamental data subject rights
  • Complete a Data Protection Impact Assessment

To learn how PureCloud is addressing the GDPR and what your organization needs to know about PureCloud’s GDPR implementation, see PureCloud and GDPR compliance.