Workplace is a tool that connects everyone in your company, even if they're working remotely. Use familiar features such as Groups, Chat, Rooms and live video broadcasting to get people talking and working together.
Workplace is a communications hub that connects everyone in your organization to help drive collaboration and business results. Workplace offers features such as groups, search, profiles, Workplace Chat, News Feed, auto-translation, Live Video and more. Workplace lets you create a Workplace account that is separate from your personal Facebook account.
What is GDPR?
The General Data Protection Regulation (GDPR) is a new framework that will harmonize data protection rules across the European Union (EU). It goes into effect on May 25, 2018 and will govern how the Facebook Family of Companies is regulated. You can find out more about Facebook’s approach to GDPR here.
Many of the principles build upon the current data protection rules in place within the EU. But GDPR also places some new requirements on companies. GDPR will apply to any Workplace customer with users residing in the EU, even if the organization’s location is outside of the EU.
Workplace and GDPR Compliance
GDPR expands current data protection laws and also adds some new requirements. Most of GDPR’s requirements fall on data controllers. This is the organization or party that decides the ‘purposes’ and ‘means’ of any processing of personal data. Workplace Advanced customers act as data controllers and appoint Facebook as a data processor under the Workplace agreement. In Workplace Essential, Facebook is the data controller and is responsible for the processing of Workplace Essential users’ data.
Facebook and Workplace comply with all data protection laws that apply to us. Where applicable, we’ll adapt our existing practices to align with GDPR. We’re also dedicated to helping our Workplace Advanced customers meet their obligations.
Safeguards and Contractual Commitments
We understand that GDPR requires Workplace Advanced customers to engage data processors with appropriate safeguards to ensure an appropriate level of protection for personal data.
We’ve been working with our product, design and engineering teams to make sure our products will comply with the GDPR rules. This includes making sure our contractual commitments allow customers to demonstrate their compliance. We’ll be updating our agreements to provide the undertakings required from data processors under GDPR.
GDPR requires Workplace Advanced customers to engage data processors who can provide an appropriate level of security to meet the requirements set out in the new regulations. The safety of the personal data we process for our customers is of the utmost importance to us. We undergo regular security audits and Workplace Advanced is ISO 27001 certified.
We also invest in systems to make sure we can identify threats to data security when we process data for Workplace Advanced customers. In the unlikely event of a relevant incident, we’ll notify and assist customers. For more information, see here.
Facebook, Inc. has certified under the EU-US Privacy Shield Framework. This means companies will be able to rely on the Privacy Shield Framework to meet EU data transfer requirements when they use Workplace Advanced.
Facebook, Inc. in the US makes various commitments under the Privacy Shield Framework to legitimize data transfers from the EEA to the US. You can find more information about Facebook’s participation in the Privacy Shield Framework here.
Your Workplace Account
Your Workplace account is a place for you to connect and collaborate with your coworkers, join groups related to your team or projects, and get company news and updates.
Your Workplace account is only visible to people at your company and is separate from your personal account. What you share to your Workplace account can only be seen by people in your company.
Your Facebook Account
Your Facebook account is personal. It's for connecting with friends and family, and sharing moments from your life.
The things you share to your personal account will only be seen by people you have allowed, based on your privacy settings on Facebook.
Note: Your employer can not access your personal Facebook account if you're using Workplace, since the accounts are separate.
I'm using Workplace Advanced and have a question about compliance with the EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield.
Facebook, Inc. participates in the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield for Workplace Advanced, as described in our Privacy Shield Notice and in our certification with the United States Department of Commerce. As part of our participation in the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield we will resolve disputes regarding personal data covered by our certification through TRUSTe. If you have any additional questions about our compliance with either Privacy Shield framework, you can contact us.
For Workplace Standard:
If you're using Workplace Standard, Facebook is the data controller but employees own the content they post and share, and Facebook's community standards apply.
For Workplace Essential and Workplace Advanced:
There's a community admin that manages the community and the company owns and controls the data. The community admin can modify, delete or export your data at any time.
Note: The data on Workplace is stored globally across Facebook's data centers.