Solutions

  • Products
  • Use cases
  • Industries
  • EBOOK
  • Making it #EasyForEmployees
  • A guide with best practices for transforming the employee service experience.
  • WHITE PAPER
  • Modernizing government via ITSM
  • A research doc about government agencies’ digital transformation challenges.

Platform

  • REPORT
  • Gartner names ServiceNow a leader
  • 2018 Magic Quadrant for Enterprise High-Productivity Application PaaS.

Customers

  • CUSTOMER STORY
  • General Mills transforms HR
  • Global employee service experience shows entire corporation how it’s done.

Explore

  • PERSPECTIVE
  • Do you need an AI council?
  • Formal collaboration helps implement new technology safely and effectively.

Our Commitment

The new General Data Protection Regulation (GDPR) is fundamentally about protecting and enabling the privacy rights of European Union (EU) citizens and residents. The GDPR establishes global privacy requirements governing how you manage and protect personal data while respecting individual choice—regardless of where data is sent, processed, or stored.

At ServiceNow, we believe that the GDPR is an important step towards strengthening data protection laws across the European Union and enabling individual privacy rights. This is why ServiceNow is committed to being GDPR‑compliant across our cloud services.

ServiceNow takes a principled approach to privacy, security, and compliance, with strong commitments to ensuring you can trust the cloud services you rely on. We have one of the most extensive compliance portfolios in the industry, that includes adherence to key standards such as the ISO 27001, ISO/ IEC 27018, SSAE SOC 1 Type 2 and SOC 2 Type, and FedRAMP.

Trust – Built Upon a Safe, Secure, and Compliant Cloud

As you prepare to comply with the GDPR, here is what else you can expect from ServiceNow:

  • You Maintain Control. When you entrust your data to the ServiceNow Nonstop Cloud, you remain the sole owner: you retain the rights, title, and interest in the data you store in our cloud services. You can take advantage of the features inherent in the Now Platform to meet your GDPR obligations related to deletion, rectification, transfer of, access to, and objection to processing of personal data.

  • You Have Full Visibility. The ServiceNow Nonstop Cloud protects your data from inappropriate access or use by unauthorized individuals with robust measures, including restricting access by ServiceNow personnel and subcontractors. In addition to these commitments, ServiceNow provides you with the ability to monitor how data is managed and who has access to what data within your organization.

    Our world‑class datacenters are certified to internationally recognized security standards, protected by 24‑hour physical surveillance, and continuously monitored using strict access controls. Our single‑tenant architecture keeps your data logically isolated from the data of other customers.

    Securing our cloud infrastructure is only part of a comprehensive security strategy. Each cloud service has built‑in security features to help you secure your data, including field‑level encryption, encryption in transit, comprehensive role‑based access control, application scoping, access and transaction logging and monitoring, and support for multi‑factor authentication.

  • We Commit to Rapid Response. ServiceNow has robust security incident response processes and contractually commits to notifying our customers in accordance with the GDPR. With active threat intelligence and advanced machine learning capabilities, our security team does not have to wait for an incident to occur. We use real‑time data to predict issues, and then prioritize and resolve them based on the impact to your data or services.

Partnering to Comply with the GDPR

Compliance is a shared responsibility and we are committed to partnering with you to help you successfully comply with the GDPR. Requirements such as greater data access and erasure rules, privacy by design, and data breach notification processes may mean changes for your organization. Therefore, it is important to understand your obligations related to the GDPR regardless of where your organization resides.

We have recently updated our data processing addendum (DPA) in compliance with the requirements set forth in the GDPR.  Our DPA also gives our customers contractual assurances that personal data can be lawfully transferred from the European Economic Area to the ServiceNow services. For more information about our DPA, please review the FAQ here.

We look forward to continuing to partner with you as the deadline for compliance with the GDPR draws nearer.

ServiceNow GRC Can Help You Prepare to Comply With the GDPR

Thank You

Thank you for submitting your request. A ServiceNow representative will be in contact within 48 hours.

form close button

Contact Us

I would like to hear about upcoming events, products and services from ServiceNow. I understand I can unsubscribe any time.

  • By submitting this form, I confirm that I have read and agree to the Privacy Statement.