A Transfer Impact Assessment (TIA) evaluates whether the importing country provides an equivalent level of data protection as the EU. This includes assessing local government surveillance laws and any practical evidence of government access requests. If necessary, supplementary measures are implemented to achieve essential equivalency.
Zendesk offers a guide to assist in completing TIAs for their services, which includes information on government surveillance laws in countries where Zendesk processes data. You can request this guide from your Zendesk account executive.
The GDPR requires that personal data transferred outside the EEA must have an approved mechanism to ensure GDPR-level data protection is maintained. This means organizations need to know and map all transfers of personal data to non-EEA countries….
Zendesk uses several mechanisms for international data transfers to ensure compliance with GDPR. For transfers to non-EEA or non-adequate countries, Zendesk relies on Standard Contractual Clauses (SCCs), which provide contractual guarantees for…
The Schrems II case requires data exporters to ensure that importing countries provide protection equivalent to the EU's standards, especially concerning government surveillance. If this level of protection is not met, exporters must implement…
The new SCCs were developed in response to the Schrems II decision, which highlighted the need for updated contractual clauses. These new SCCs include requirements for a Transfer Impact Assessment (TIA) and specific steps for data importers if they…
Zendesk follows a specific process for government access requests, as outlined in their Government Data Request Policy and Article 15 of the new SCCs. This includes asking authorities to contact the data controller first and conducting a legal…
Zendesk, as a U.S. corporation, is subject to FISA 702, which oversees foreign intelligence collection. However, Zendesk's transparency report indicates that requests under FISA 702 are rare. The U.S. government has assured that most companies do…
Executive Order 12333 does not authorize the U.S. Government to compel companies to assist in foreign intelligence collection. Zendesk uses strong encryption to protect data in transit, ensuring that any intercepted data remains unreadable. This…
Zendesk provides summaries of local surveillance laws in their TIA guide, helping you assess whether these laws offer equivalent protection to the EU. If not, you can consider Zendesk's supplementary measures, such as their government access policy…
Zendesk is committed to enhancing privacy and compliance features in response to Schrems II. This includes developing an Advanced Encryption solution and more data localization options. They are also working on features for data retention policy…