This analysis describes what Workday's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Data transferred to the US or other countries may be accessible to foreign governments or law enforcement under laws like FISA, and contractual protections (like Standard Contractual Clauses) may not fully prevent this risk, as highlighted by the Schrems II ruling.
Workday collects personal information from website visitors, event attendees, and prospective customers for marketing and platform improvement purposes, while also processing sensitive employee data including payroll, HR records, and workforce information on behalf of enterprise clients. The dual-role structure means individuals interacting with Workday as employees of a client organization should understand that their rights may need to be exercised through their employer rather than directly with Workday. You can contact Workday's privacy team at the address or contact mechanism listed in the full privacy statement to inquire about personal data collected through Workday's own marketing and website activities.
How other platforms handle this
You will provide personal information directly to our website in the United States. We may also transfer personal information to our partners and service providers in the United States and other jurisdictions. Please note that such jurisdictions may not provide the same protections as the data prote...
Notion is based in the United States and the information we collect is governed by U.S. law. If you are accessing our Services from outside of the United States, please be aware that information collected through the Services may be transferred to, processed, stored, and used in the United States an...
Your personal information may be transferred to and processed in countries other than your country of residence, including Canada and the United States, where our servers are located and our central database is operated. These countries may have data protection laws that are different from those in ...
Monitoring
Workday has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Workday is headquartered in the United States, and we have operations, entities, and service providers in the United States and throughout the world. As such, we and our service providers may transfer your personal information to, or store or access it in, jurisdictions that may not provide the same level of data protection as your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate contractual protections for the transfer of personal information.— Excerpt from Workday's Workday Privacy Statement
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Data transferred to the US or other countries may be accessible to foreign governments or law enforcement under laws like FISA, and contractual protections (like Standard Contractual Clauses) may not fully prevent this risk, as highlighted by the Schrems II ruling.
ConductAtlas has identified this type of provision across 79 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Workday.