The European Union’s (EU) General Data Protection Regulation (GDPR) became effective May 25, 2018, and with it came a flurry of privacy policy notification updates from websites, other digital publishers, and more, all of whom are tasked with ensuring that any sensitive user data collected on EU residents – even as a sub-processor – is handled and processed according to GDPR requirements. Expedient is considered to be such a “sub-processor”; while our domestic customer base means that GDPR does not have broad applicability to us, many of our customers have operations and/or customers in other countries for which GDPR does apply. As such, Expedient can become a party to the customer data, and must comply under the requirements of the law in order for our customers to maintain their own compliance.
In an effort to ensure this compliance in late 2016, Expedient began attesting to a framework called the EU-U.S. Privacy Shield, which is a legal mechanism used to transfer data between an EU country and the United States. Expedient’s attestation subjects the company to the jurisdiction of the Federal Trade Commission or the Department of Trade, which enforces our commitments to safeguard such data.
Since Expedient and its employees do not necessarily know which data a client may have is sensitive and which is not, we treat all of it like it is protected and apply our physical and logical security controls uniformly across our facilities and technology platforms.
Further, Expedient is prepared to support current and prospective clients with GDPR compliance needs via a Data Protection Agreement (DPA) that can be executed as an addendum to a Master Services Agreement (MSA); this DPA provides the legal framework necessary to demonstrate our compliance as a sub-processor of personal data.
Read more about Expedient’s offerings for GDPR, HIPAA, PCI DSS, or other such compliance and security requirements now, or contact us for more information.
As Senior Vice President and Chief Operating Officer, Jonathan Rosenson is responsible for overseeing organizational functions that drive growth at Expedient. Jon additionally acts as an external spokesperson conveying the Expedient story. Follow him on Twitter.
