At Cambium Networks, we focus on providing innovative products and first-class service to network operators globally. Our employees are united by our mission to eliminate the “digital divide” by building innovative products to connect underserved and developing communities. As part of this mission, we have, since our inception, been committed to protecting the privacy of data provided to us, including security in our product design, and enabling compliance and transparency in our operations. This approach includes supporting our customers’ compliance with EU data protection requirements, including those set out in the General Data Protection Regulation (“GDPR”), which became enforceable on May 25, 2018.
What is the GDPR?
The General Data Protection Regulation (“GDPR”) is a new European privacy regulation which will replace the current EU Data Protection Directive (“Directive 95/46/EC”). The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law. The GDPR not only applies to organizations located within the EU but also applies to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. It provides data subjects with an array of privacy rights, which provide individuals with greater transparency into and control over uses of their personal information.
To whom does the GDPR apply?
The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.
Cambium Networks GDPR Product Readiness
We have included contractual commitments to address requirements of the GDPR regarding:
- Our assistance to allow you to comply with data subject rights.
- Our obligation to notify you of a personal data breach to allow you to notify relevant supervisory authorities and, where required, data subjects.
- Your audit rights.
- The security measures that will be implemented as part of our joint obligation pursuant to Article 32.
We are implementing processes and policies to protect the transfer of data among our Cambium Networks affiliates, and we will adhere to the requirement to communicate data breaches to affected parties in a timely manner in accordance with the requirements set forth by the GDPR.
What is a Data Processing Agreement (“DPA”)?
Cambium Networks offers cnMaestro customers a robust Data Processing Agreement (“DPA”), as an addendum to our cnMaestro terms and conditions, governing the relationship between the customer (acting as a data controller) and Cambium Networks (acting as a data processor). The DPA facilitates our customers’ compliance with their obligations under EU data protection law. Our DPA contains data transfer frameworks to ensure that our customers can lawfully transfer personal data to Cambium Networks outside of the European Union by relying on the approved mechanism of Standard Contractual Clauses.
Our networking equipment can process and store many types of data within the products. The equipment provides control to our customers who own and decide what to do with the data. In the context of GDPR, the data belongs to the data subjects, that is, the EU residents. We do not control any data derived by our hardware products nor from our cnMaestro cloud-based network management platform, LinkPlanner or other services that we offer, and only process data derived from our services, including cnMaestro, LinkPlanner, Wireless manager and other services such as support and training, as a data processor. We do not share any user data processed by our products with third party vendors, and our customers have control over how the data processed by the products is shared.
What are the “Standard Contractual Clauses”?
The European Commission has approved a set of standard provisions called the Standard Contractual Clauses (“Model Clauses”) which provide a data controller a compliant mechanism to transfer personal data to a data processor outside the European Economic Area (“EEA”). The Model Clauses are appended to the Cambium Networks DPA to help provide adequate protection for data transfer outside of the EEA or Switzerland.
Cambium Networks is working towards achieving compliance with the EU-U.S. and Swiss-US Privacy Shield Frameworks and Principles set out by the US Department of Commerce for the collection, use, and retention of personal data transferred from the EU and Switzerland. We will process personal data that we receive, including in the case of onward transfers of personal data from the EU and Switzerland, in accordance with those Principles, to ensure an adequate level of protection under applicable European privacy and data protection regulations. For more information about Privacy Shield, visit www.privacyshield.gov.
We remain committed to helping our customers and partners by protecting and respecting personal data, no matter where it comes from or flows to, and we will be continuing to make improvements in compliance with the GDPR and other data privacy and data protection laws and regulations.