How is privacy governed in Canon?
Canon’s Group Data Protection Officer is supported by a network of DPOs and Privacy Champions, whose roles and responsibilities are clearly defined which helps ensure compliance with the EU General Data Protection Regulation (GDPR) and other privacy and data protection laws throughout EMEA.
The Canon Europe Group (Canon EMEA) spans Europe, the Middle East and Africa. Across this large region there are many different privacy laws that apply. The Canon Privacy Accountability Framework was developed to ensure that privacy considerations are dealt with in a uniform and standardised way across all our markets and for the smooth operation of our business. The requirements of the European Union and other European, Middle Eastern and African privacy legislations have been incorporated into the Canon Privacy Accountability Framework.
Does Canon conduct risk assessments around personal data?
Canon EMEA has well defined governance, risk management and compliance processes. These processes include:
• Privacy risk assessments
• Privacy impact assessments/data protection impact assessments
• Vendor risk assessments
• Security assessments
Does Canon maintain Records of Processing Activities (RoPA)?
Canon has processes in place to comply with privacy requirements including maintaining/updating Records of Processing Activities and completing Privacy Impact Assessments(PIA)/Data Protection Impact Assessments (DPIA).
Does Canon have formal processes for handling data breaches?
Canon is firmly committed to protecting the personal data of all stakeholders including employees, suppliers and customers. In order to meet this commitment and our obligations under applicable data protection laws, Canon has implemented a ‘Breach Management Policy’. This policy explains what constitutes a data breach and the initial steps that employees should take when a suspected data breach is discovered. There are a number of operational guidelines that supplement this policy.
Are Canon employees trained on privacy?
Canon employees and contractors receive mandatory training on privacy and data protection. Additional mandatory training is provided to our Privacy Champions who are assigned with special responsibility for privacy in their specific business area.
Are Canon employees who access and process personal data committed to respect confidentiality?
All Canon employees, including those who work with the personal data of our employees, partners or customers, are bound by confidentiality provisions in employment contracts. The importance of confidentiality is continuously reinforced through training and awareness creation.
Are Canon vendors and other third parties compliant with data protection regulations?
Canon requires that third parties, including vendors and partners, who process personal data on behalf of Canon are contractually bound to safeguard any personal data they receive from Canon and are prohibited from using the personal data for any purpose other than to perform the services as instructed by Canon. Canon has also implemented a risk-based compliance assessment for suppliers handling Canon or Canon’s customers’ data.
How does Canon comply with data transfer restrictions across the EMEA regions in which it operates?
Canon uses appropriate transfer mechanisms such as Standard Contractual clauses, where applicable. In jurisdictions where Standard Contractual clauses are not available, Canon complies with local privacy requirements.
Where can I get more information about any of the topics discussed in the ‘Canon Privacy Trust Centre’?
If you have any specific question related to any content on these webpages, please contact the Privacy Officer at DataProtectionOfficer@Canon-Europe.com