In an effort to provide more visibility into how Citrix is helping our customers prepare to meet GDPR requirements, we have updated our contracts to reflect specific GDPR requirements and we have published materials discussing how Citrix products and services can help customers with their GDPR efforts.
GDPR is a comprehensive overhaul of EU Data Protection Laws, and directly impacts Citrix, our customers, partners and vendors who collect, use or share the personal data of EU residents. The GDPR focuses on accountability and operational control, including the concept of “privacy by design” (taking privacy into account when designing systems that process data) and the implementation of core technical and organizational security controls for the protection of personal information. The GDPR becomes effective May 25, and many organizations are now deep into their compliance and validation efforts.
Listed below are some key resources for Citrix customers, partners and vendors, including updated contracts and guidance on how Citrix products and services can help customers prepare for the GDPR.
We have updated our security and data protection terms and included them in our End User License Agreements (EULA) and End User Services Agreements (EUSA), which you can find at https://www.citrix.com/buy/licensing/agreements.html. The updated terms include a detailed description of the security controls used across Citrix’s services, as well as data processing terms that align to the applicable sections of the GDPR.
Some of our customers require formal data processing agreements, so we offer the additional option of an Online Data Processing Agreement. This can be done via a fast, simple, and reliable process that will be familiar to most of our customers:
- Log into your Citrix My Account.
- Click “View Data Processing Agreement” on the left side and accept the Online Data Processing Agreement electronically.
- Customers will also see a notification about this new Online Data Processing Agreement the next time you log into your My Account.
We have updated our Program Guides and included the Citrix Partner Data Processing Agreement to define the parties’ responsibility with regard to data protection and security. It includes data protection clauses approved in the EU (Standard Contractual Clauses) for international transfers and the Citrix Services Security Exhibit.
We are reaching out to our vendors with system access with our updated Security Standard Addendum and Data Processing Agreement. As of late March, more than 400 vendors have been contacted. If you are a vendor and have questions, please reach out to us.
If you would like more detailed information about how Citrix can help you address GDPR requirements, visit our GDPR page for product information, a resource kit, whitepapers, and links to our most recent blog posts. Stay tuned for more GDPR updates as we approach the May 25, 2018 deadline.