Our commitment to data privacy and the GDPR
As a leader in cybersecurity operating in over 65 countries, our approach to data privacy is comprehensive and holistic. We leverage the GDPR as a part of our baseline level of security and privacy across the globe.
For Trend Micro, the GDPR is not just an EU initiative. Demonstrating this commitment to data privacy, we work across the organization to ensure that wherever personal data resides, we know about it and treat it appropriately. This includes the following:
Awareness and education
Awareness and education are fundamental to any program focused on security. As a part of our focus on protecting customer data and complying with the GDPR, we provide ongoing security and privacy training across our organization. We also ensure clear communication to maximize awareness.
To protect data, you need to know what and where it is. As a part of complying with the GDPR, we assessed our data and its composition across the company. We also put measures in place to ensure ongoing knowledge of all new data entering the company. This process included a comprehensive, global data mapping exercise across the organization and the updating of our policies and processes to ensure the following:
Data protection and breach management
We constantly refine and improve our best practices for proper data use, access, and management. These are the actions we’ve taken:
List of Processors and Subprocessors
Recruitment Privacy Notice (EU)
We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law.
Data Protection Policy (EU)
To exercise any of your individual rights under applicable laws and view instructions on how to set your preferences for marketing communications, click the link below.
Data Collection Disclosure
Disclosure on what kind of data a Trend Micro product collects and how you can opt-out of the collection
Government Data Requests
The Government Data Request policy outlines Trend Micro's procedure for responding to a request from a law enforcement or other government authority to disclose personal data or other personal information.
GDPR stands for the General Data Protection Regulation. It is a comprehensive data protection law the European Union (EU) adopted in May 2016. It updated the previous EU data protection law – the 1996 Data Protection Directive – and further strengthened personal data protection for individuals who live in the EU. It took full effect on May 25, 2018.
The GDPR applies to organizations that collect and process personal data of individuals in the EU for their own purposes, defined as Controllers by the regulation. It also applies to organizations that process data on behalf of others, defined as Processors by the regulation. This is a shift from the preceding EU data protection law, which only applied to controllers.
Yes. The GDPR applies to entities that collect or process personal data of individuals in the EU, even if the entity is not established in the EU. For example, the GDPR applies if the entity is offering goods and services targeted at EU data subjects or is monitoring their behaviour within the EU.
Trend Micro has implemented a GDPR Compliance Program to address our responsibilities as a data processor under GDPR.
We have updated the terms of our Global Business Software and Appliance Agreement and our Data Processing Addendum (DPA) to include terms addressing GDPR requirements. These additions address the right of audit, data breach reporting, use of sub-processors etc., to ensure the appropriate terms are in place for customers when Trend Micro acts as their data processor.
Trend Micro also provides a Global Privacy Notice, which explains what personal data we process, how we process it, and for what purposes.
You can find copies of our Global Business Software and Appliance Agreement, DPA, and Global Privacy Notice at the following links:
Global Business Software and Appliance Agreement
Global Privacy Notice
Trend Micro has incorporated EU-approved standard contractual clauses and Technical and Organizational Measures into our DPA, to support the transfer of customer data from the EU to countries that do not have adequacy decsions in place.
As a leader in cybersecurity operating in over 65 countries, our approach to data privacy is comprehensive and holistic. We leverage the GDPR as a part of our baseline level of security and privacy across the globe. For Trend Micro, the GDPR is not just an EU initiative. Demonstrating this commitment to data privacy, we work across the organization to ensure that wherever personal data resides, we know about it and treat it appropriately.
You can request a copy of Trend Micro’s Government Data Request Policy at any time at firstname.lastname@example.org.
We carry out frequent assessments of our additional security measures and other relevant activities in third countries to which we export data. We also closely monitor developments in legal guidelines and regulations to ensure our protection is at the highest compliance standards.
Trend Micro's Data Protection Officer (DPO) is Lianne Harcup. You can contact our DPO by sending an email to email@example.com or by sending mail to Trend Micro EMEA Limited, c/o Data Protection Officer, Median House, IDA Business and Technology Park, Model Farm Road,
Trend Micro maintains our existing external DPO for Germany per current requirements. The contact details are:
HEC Harald Eul Consulting GmbH
For any additional questions about GDPR and Trend Micro, please contact us at firstname.lastname@example.org.
You may also find helpful resources at the following link: