GDPR

GDPR

Our commitment to data privacy and the GDPR

As a leader in cybersecurity operating in over 65 countries, our approach to data privacy is comprehensive and holistic. We leverage the GDPR as a part of our baseline level of security and privacy across the globe.

For Trend Micro, the GDPR is not just an EU initiative. Demonstrating this commitment to data privacy, we work across the organisation to ensure that wherever personal data resides, we know about it and treat it appropriately. This includes the following:

Awareness and education

Awareness and education are fundamental to any program focused on security. As a part of our focus on protecting customer data and complying with the GDPR, we provide ongoing security and privacy training across our organisation. We also ensure clear communication to maximise awareness.

Data awareness

To protect data, you need to know what and where it is. As a part of complying with the GDPR, we assessed our data and its composition across the company. We also put measures in place to ensure ongoing knowledge of all new data entering the company. This process included a comprehensive, global data mapping exercise across the organisation and the updating of our policies and processes to ensure the following:

  • Data privacy
  • Data protection and retention
  • Data usage consent
  • Children’s data security for our Trend Micro Cares “Internet Safety for Kids” program
  • Revised and updated product offering readiness for GDPR, including updating product data collection information on an ongoing basis
  • Updated customer, partner, and supplier agreements that address GDPR requirements 

 

Data protection and breach management

We constantly refine and improve our best practices for proper data use, access, and management. These are the actions we’ve taken:

  • Defined policies concerning “data protection by design” across the organisation
  • Created breach management policies that reflect  notification requirements under GDPR
  • Formed a dedicated team with a formal EU Data Protection Officer, Lianne Harcup

 

GDPR resources

FAQs

GDPR stands for the General Data Protection Regulation. It is a comprehensive data protection law the European Union (EU) adopted in May 2016. It updated the previous EU data protection law – the 1996 Data Protection Directive – and further strengthened personal data protection for individuals who live in the EU. It took full effect on May 25, 2018.

The GDPR applies to organisations that collect and process personal data of individuals in the EU for their own purposes, defined as Controllers by the regulation. It also applies  to organisations that process data on behalf of others, defined as Processors by the regulation. This is a shift from the preceding EU data protection law, which only applied to controllers.

Yes. The GDPR applies to entities that collect or process personal data of individuals in the EU, even if the entity is not established in the EU. For example, the GDPR applies if the entity is offering goods and services targeted at EU data subjects or is monitoring their behaviour within the EU.

Trend Micro has implemented a GDPR Compliance Program to address our responsibilities as a data processor under GDPR.
We have updated the terms of our Global Business Software and Appliance Agreement and our Data Processing Addendum (DPA) to include terms addressing GDPR requirements. These additions address the right of audit, data breach reporting, use of sub-processors etc., to ensure the appropriate terms are in place for customers when Trend Micro acts as their data processor.

Trend Micro also provides a Global Privacy Notice, which explains what personal data we process, how we process it, and for what purposes.
You can find copies of our Global Business Software and Appliance Agreement, DPA, and Global Privacy Notice at the following links:
Global Business Software and Appliance Agreement
DPA
Global Privacy Notice

Trend Micro has incorporated EU-approved standard contractual clauses and Technical and Organisational Measures into our DPA, to support the transfer of customer data from the EU to countries that do not have adequacy decsions in place.

As a leader in cybersecurity operating in over 65 countries, our approach to data privacy is comprehensive and holistic. We leverage the GDPR as a part of our baseline level of security and privacy across the globe. For Trend Micro, the GDPR is not just an EU initiative. Demonstrating this commitment to data privacy, we work across the organisation to ensure that wherever personal data resides, we know about it and treat it appropriately. 

You can request a copy of Trend Micro’s Government Data Request Policy at any time at gdpr@trendmicro.com.

We carry out frequent assessments of our additional security measures and other relevant activities in third countries to which we export data. We also closely monitor developments in legal guidelines and regulations to ensure our protection is at the highest compliance standards.

You can find our Global Privacy Notice at:
https://www.trendmicro.com/privacy

Trend Micro's Data Protection Officer (DPO) is Lianne Harcup. You can contact our DPO by sending an email to gdpr@trendmicro.com or by sending mail to Trend Micro EMEA Limited, c/o Data Protection Officer, Median House, IDA Business and Technology Park, Model Farm Road,
Cork, Ireland.

Trend Micro maintains our existing external DPO for Germany per current requirements. The contact details are:
HEC Harald Eul Consulting GmbH
Email: Datenschutz-TrendMicro@he-c.de

For any additional questions about GDPR and Trend Micro, please contact us at gdpr@trendmicro.com.

You may also find helpful resources at the following link:

https://www.trendmicro.com/en_us/about/trust-center/privacy/gdpr.html