GDPR: Our Commitments to You

CA Technologies believes privacy and protecting data are core aspects of trust in today’s Modern Software Factory. We take our own data protection commitment to you and your customers very seriously. We are acutely aware that we need to earn and maintain your trust on a daily basis.

The GDPR is a far-reaching new law that will come into effect on May 25, 2018. Its objective is to further strengthen data protection for individuals and to harmonize the law in this area across the European Union (EU). Enforcement of the regulation will be backed by heavy fines.

CA views the GDPR as a core part of the global trust framework. We want to outline our commitments to you regarding our own GDPR implementation.

What CA Is Doing to Be Compliant

CA has a global privacy team, led by our Chief Privacy Officer. We already have robust processes in place across the world to ensure your data and that of your customers is protected and treated in line with global laws and regulation. We have worked on ensuring that our existing data practices globally are in line with the new requirements in the GDPR.

View our Privacy Statement to learn more about how we handle your data.

What We Are Doing to Ensure You Can Use CA Products in a GDPR-compliant Manner

The GDPR is focused on organizational compliance instead of product-level compliance. However, we attach the utmost importance to how we build our products and have adopted a Privacy and Security by Design approach. Our products are designed with privacy and security in mind and as a core component of our development process.

As a data controller, you will need to ensure you are compliant with your own obligations under the GDPR. However, if you buy a CA product, we aim to ensure that you can use our products in a GDPR-compliant manner, helping you to satisfy your obligations under the GDPR. For example, we design our products to facilitate data minimization and provide better insight into and control over your data flows in order to make it easier for you to satisfy your GDPR obligations as a data controller.

How Does This Relate to the Real World?

We want to give you some real-life examples of a few of our products and how they relate to the GDPR. This is not meant to be an exhaustive list of all of our products, nor of all GDPR-related questions that could arise with a specific product.

I am a CA Agile Central customer. Does CA's hosting of my personal data respect the GDPR requirements?

We do have regional datacenters, including in the EU. In the event that your data for a specific product isn’t hosted in the EU, the GDPR allows for such data flows outside of the EU if specific legal tools are used. CA has invested in a range of legal tools to enable our data and that of our customers to be transferred around the world, respecting laws like the GDPR. CA has invested in these tools, like the EU-US Privacy Shield and Standard Contractual Clauses, going beyond what many other technology companies have done. Our data flows therefore respect the GDPR requirements. If you want to learn more about our data transfer setup, click here.

I use a CA Project & Portfolio Management (CA PPM) product. Is the CA PPM product GDPR compliant and does it help me, for example, to comply with my requirements to respond to data subject rights? Is my data hosted in the EU?

The GDPR doesn’t require the CA PPM product to be GDPR compliant as such. Instead, it focuses, for example, on whether you, as a data controller in Europe, have clear visibility into what personal data you are inputting into or deleting from the product. CA has a responsibility in the back-end as a data processor. If we touch on personal data, we ensure that it is secured in our systems in line with GDPR requirements. CA PPM is hosted in our regional datacenter in the EU. However, should a data transfer be required outside of the EU, we have a range of legal tools in place to ensure we do so in compliance with the GDPR.

I am a customer of CA Payment Security. How can I rest assured that it is complying with the GDPR requirements around security?

CA has strong security policies in place to comply with the GDPR. We maintain a high standard for security and have multiple third-party validations for many of our SaaS offerings. CA adheres to the strict PCI standards that include encryption of data in motion and data at rest. We maintain a robust Incident Response Plan, reviewed bi-monthly with annual tabletop exercises to ensure that we are prepared to respond to any security event. Should we experience a personal data breach that affects you, CA will tell you without undue delay, to enable you to comply with your obligations under the GDPR.

GDPR Compliance Is a Shared Journey—Your Feedback

We also constantly take on board customer feedback regarding features in our products, including feedback related to customers' GDPR compliance journey. For example, we have integrated a feature in our CA PPM product that supports you in your efforts to respond to data subject rights requests, such as the deletion of personal data. Let us know if there are other ways we can further improve our products to support you on your GDPR compliance journey.

How Our Products Help

Adoption of and adherence to GDPR obligations requires a thorough approach, at both the process and the technology level. CA can help with a complete set of targeted software solutions to make it easier for you to satisfy your obligations under the GDPR.

For an overview of some of our products, please visit www.ca.com/GDPR.
