July 29, 2019
By Kacy Brake
Associate General Counsel and Global Data Privacy Officer
In the modern economy, personal data is the currency that enables business to function. Personal data flies around the world at the speed of light with little physical restriction. Given how far and fast personal data can travel, it is important that people can trust the companies that are holding their personal data. Companies have an obligation to keep personal data private, safe, and secure. Frequently, we hear our customers voicing concerns about what might be happening to their personal data when they license our solutions.
We often say that respect for individuals’ privacy rights is a fundamental value at Infor. While the tone from the top is critically important, we also realize that words matter less than actions. Knowing that, Infor sought independent certification and verification that its privacy practices are meeting the highest global standards.
We are delighted to announce that TrustArc, a leader in data privacy compliance, has assessed Infor’s data privacy practices. After their in-depth review of Infor’s handling of personal data on behalf of its business partners and employees, TrustArc determined that Infor meets TrustArc certification and compliance verification program criteria in the following three areas:
- APEC Cross Border Privacy Rules System (CBPRs)
- GDPR Program Validation
- EU-US Privacy Shield and Swiss-US Privacy Shield Verification
APEC CBPR Certification
The Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules System (CBPRs) is the first framework to provide standards for the transfer of personal data between all 21 APEC member countries. Companies participating in the CBPR program do so by choice, after establishing that they provide meaningful protection for the privacy and security of personal data.
Not every company can achieve APEC CBPR Certification. Infor’s achievement of that milestone evidences our commitment to transferring personal data efficiently, securely, and safely, while respecting data privacy.
GDPR Program Validation
Although the EU General Data Protection Regulation (GDPR) was adopted in 2016, the European Commission and other EU regulators have not yet specified the criteria required to achieve GDPR certification under Articles 42 and 43. The purpose of that GDPR certification is to provide stakeholders with independent assurances that an organization is complying with the requirements of GDPR.
Until a formal certification process is established by the EU, companies must rely upon third-party assessments of their GDPR compliance. TrustArc’s GDPR Program Validation assessed 40 specific objective validation requirements, including whether Infor has established a governance strategy for our privacy program, whether we have appointed a privacy leader, how we vet our vendors, our security program, our ability to produce required records of processing, Infor’s preparedness for a data incident, as well as how we manage the rights of individuals.
After their review, TrustArc determined that Infor, as an organization, meets the TrustArc Program Validation requirements. This Validation is an important distinguisher between Infor and its competitors in the marketplace. Learn more about Infor’s GDPR Program Validation here: /about/gdpr-validation.
EU-US Privacy Shield and Swiss-US Privacy Shield Verification
The EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks require that companies comply with a set of privacy principles to transfer data from the EU and Switzerland. After a comprehensive review of Infor’s practices, TrustArc has authorized Infor’s use of the TRUSTe Verified Privacy Seal, which provides real-time verification of Infor’s commitment to data privacy.
Sometimes, it can be easy to take data privacy for granted. In today’s world, with nearly daily reports of personal data being taken and used for unanticipated purposes, we can see the heavy price that lack of appreciation can cause.
At Infor, data privacy is always front of mind. From the early days of our product design to our day-to-day operations, privacy is at the forefront of everything we do. Our customers trust us with their most important assets—their personal data—and Infor’s successful achievement of these three assessments proves how seriously we take our commitment to data privacy.
For more information about how Infor values your privacy, please visit Infor’s privacy page.