How Panasonic PBX assists GDPR
What is GDPR?
The GDPR (General Data Protection Regulation) is a European law that came into effect on May 25, 2018 (repealing the data protection Directive 95/46/EC). It applies to the processing of personal data in the European Union (EU), as well as the processing of personal data belonging to European citizens outside of the EU when performed as part of a good or service offered in the EU, or where EU citizens’ activities within the EU are monitored.
Is Panasonic a data processor or controller?
Panasonic is both processor and controller. A controller collects personal data and determines the purpose for which such data will be processed. A processor performs specific processing activities on behalf of a controller. Panasonic is a processor in its handling of personal data on behalf of a third party, such as during the provision of cloud services, managed services, and any kind of technical support.
What has Panasonic done to become compliant as both data controller and data processor?
GDPR regulates two types of entities that process personal data: (1) controllers, who collect personal data and determine the purpose for which the data will be processed, and (2) processors, who perform specific processing activities on behalf of a controller.
Panasonic has identified and made a list of suppliers/service providers who process personal data on Panasonic’s behalf. Panasonic has entered into agreements with these suppliers confirming that they will process any such personal data in compliance with GDPR.
Panasonic has reviewed the internal security measures/processes it has in place around personal data to ensure all personal data stored by Panasonic is kept safe and is only accessed by the appropriate people.
Panasonic has made a Data Processing Agreement (DPA) available to enterprise customers whose personal data Panasonic processes.
Panasonic has created intercompany agreements between Panasonic entities which permit them to share personal information required to run Panasonic’s business, including internal functions, in a GDPR-compliant manner.
Secure data traffic EU-Japan: The EU and Japan have agreed to recognize each other's privacy systems as appropriate. The European Union has initiated the procedure for the adoption of its adequacy assessment for Japan.
Panasonic is rolling out GDPR training.
What about Panasonic Products?
As part of our EU General Data Protection Regulation (GDPR) work, we are undertaking Data Protection Impact Assessments (DPIA) of our major products and services.
On-Premise PBX: When Panasonic provides on-site products that do not send personal data back to Panasonic, Panasonic is not regulated by GDPR, as it is the customer (and not Panasonic) who processes the personal data. In this case, the GDPR compliance obligations fall on Panasonic customers who may use the technical and organizational measures of Panasonic’s product within their own compliance initiatives.
Applications (Cloud): Where Panasonic processes personal data, Panasonic complies with the obligations that GDPR places on data processors.
How does GDPR affect Panasonic customers?
Under GDPR, where a controller entrusts personal data to a processor for handling data on its behalf, GDPR requires that the controller ensure the data will be handled in a GDPR-compliant manner. Where Panasonic processes personal data on behalf of its enterprise customers (e.g., during the provision of cloud services, managed services, and support services), Panasonic complies with the obligations that GDPR places on data processors, including the following:
- Take appropriate technical and organizational measures to secure customer personal data
- Report personal data breaches to the customer
- Assist the customer in responding to data subject requests received by its customers