Expand my Community achievements bar.

GDPR compliance and also Russian users


Level 3
We are growing as an international company and have some key people that are either employees or contractors for our company in other countries. I see some hint of GDPR compliance which is good but I was unsure if that referred to the Community and Help and Training sites and NOT the Workfront application itself since each company / customer has their own instance per se. Also we have some people in Russia which has it's own unique legal constraints that suggest that WorkFront would actually have to have a server on Russian soil to be compliant. Any others with experience with this? Bill Bos IT Director Classical Conversations
3 Replies


Level 3
We too are wondering how we comply with the Russian privacy requirements. Holly Harvey Church of Jesus Christ of Latter-day Saints - Publishing Services


Level 4
From a GDPR perspective, it all depends on what types of information specifically on EU citizens you have in the system. If none of your Workfront-using employees are EU citizens and you aren't storing any information on customers/clients in the EU, then you really don't have much to be concerned about. If you do have users that are EU citizens, think about the kind of information you store on their account. If you have them upload pictures of themselves, many GDPR experts interpret that as sensitive data which can have additional implications in case of a breach. But in general, if all you have is their name and corporate e-mail address, then even in the case of a breach there aren't a lot of GDPR specific concerns. One area to think about, most people Deactivate WF users instead of deleting them altogether. If you never delete and those old accounts are for EU citizens, then there are some questions as to whether it is reasonable for you to keep that information (even if it's just their name). You should consult your organizations electronic records destruction policy and make sure you adhere to it. Lastly, if you are using it for marketing campaign purposes and you are uploading mailing lists for the campaigns to the Documents tab, if anyone in those lists are EU citizens and WF has a breach, you would have to inform them. To me, it is a risky proposition to keep that kind of data in WF for that very reason. All that is to say, if you have information on EU citizens in WF, it should be in your Data Register maintained by the Data Protection Officer. Jason Maust McGuireWoods LLP


Level 3
Jason, Thanks for your very thorough answer regarding GDPR and the EU, it confirms what I was already thinking about how to handle EU citizens. We should be ok since we are NOT using WorkFront for marketing, just have some international employees. We may need to direct them to NOT upload profile pictures etc. Any thoughts on Russia though? Bill Bos Classical Conversations