How Korn Ferry is Preparing for the GDPR and Updating its Privacy Program

Trust is the cornerstone of our relationships with clients, individuals and the public. When you provide information to us, you expect that we will keep that information secure and comply with applicable data protection laws and regulations. We take this responsibility very seriously and are continuously evolving our Privacy Program to address the privacy laws around the world, including compliance with the General Data Protection Regulation (GDPR), which takes effect on May 25, 2018.

The Regulation provides new rules for companies processing data about EU individuals (“data subjects”) and provides data subjects with enhanced privacy rights.

In preparation for the GDPR, we are actively working with a team of internal and external privacy and cybersecurity professionals to enhance our operations. We are vetting our tools and technologies to identify opportunities for enhancement. We are reviewing and updating our policies and procedures to help ensure that your data is handled appropriately within Korn Ferry. We are also reviewing and updating our contracts with our service providers, to help ensure that your data is adequately protected by third parties that require access to your data.

While we don’t have the space to tell you everything that Korn Ferry is doing to comply with the GDPR, here are few of the activities we are undertaking.

Feature Image 3

Complying with Article 30

The GDPR requires that companies keep records of personal data from collection through to disposition. Korn Ferry is working to document the ways we use personal data to deliver world-class service to our clients.

Total Rewards

Embedding Privacy into Operations I

Reviewing and Updating policies and procedures. Complying with the GDPR requires organizations to rethink the way that business is done. Korn Ferry is examining its data collection, use, transfer, disclosure, and disposal policies and procedures for compliance with the GDPR.


Embedding Privacy into Operations II

Data subject rights. Under the GDPR, data subjects will have the right to access, correct, erase, object to, or restrict processing of their personal data. Korn Ferry is improving its internal policies and procedures, and developing new procedures where necessary, to help ensure that we respond appropriately to data subject requests.


Embedding Privacy into Operations III

Third-party management. Korn Ferry is reviewing its third-party relationships to help ensure that they are adequately protecting our clients’ personal data.

Feature Image 3

Reporting on Data Breaches

Korn Ferry is updating its data breach response procedures to help ensure that breaches are discovered, contained, and remediated, and that notice is provided to individuals and EU Data Protection Authorities in a timely fashion.

Feature Image 3

Updating Tools and Technology

Personal data is only as secure as the tools and technologies that manage it. We are reviewing our tools and technologies so that we continue to appropriately protect our clients’ personal data.

We are also transitioning key technology platforms so more of our offerings are hosted from European locations.

Feature Image 3

Updating Privacy Notices for Transparency

The GDPR requires transparent communication of data collection, use, disclosure, and disposal practices. Additionally, you must be informed how you can exercise your rights under the GDPR. We are revising our internal and external privacy notices so that they provide you with the information you need to understand how we’re using your data and how you can exercise your rights.

Feature Image 1

Revamping Privacy Training Programs

People aren’t born with an inherent understanding of data privacy. At Korn Ferry, we understand this and we train our employees about appropriate data protection practices. Now that the GDPR is set to change the privacy landscape, we are overhauling our privacy training programs to make sure that our employees know how to handle your data under the Regulation.

Feature Image 2

Obtaining ISO 27001/27018 certification

Moving beyond May 2018, we are working to achieve ISO 27001/27018 certification for key technology platforms and processes to demonstrate a globally recognized validation of the maturity of our global privacy and security programs.