How Korn Ferry is Preparing for the GDPR and Updating its Privacy Program
Trust is the cornerstone of our relationships with clients, individuals and the public. When you provide information to us, you expect that we will keep that information secure and comply with applicable data protection laws and regulations. We take this responsibility very seriously and are continuously evolving our Privacy Program to address the privacy laws around the world, including compliance with the General Data Protection Regulation (GDPR), which takes effect on May 25, 2018.
The Regulation provides new rules for companies processing data about EU individuals (“data subjects”) and provides data subjects with enhanced privacy rights.
In preparation for the GDPR, we are actively working with a team of internal and external privacy and cybersecurity professionals to enhance our operations. We are vetting our tools and technologies to identify opportunities for enhancement. We are reviewing and updating our policies and procedures to help ensure that your data is handled appropriately within Korn Ferry. We are also reviewing and updating our contracts with our service providers, to help ensure that your data is adequately protected by third parties that require access to your data.
While we don’t have the space to tell you everything that Korn Ferry is doing to comply with the GDPR, here are a few of the activities we are undertaking.
Complying with Article 30
The GDPR requires that companies keep records of personal data from collection through to disposition. Korn Ferry is working to document the ways we use personal data to deliver world-class service to our clients.
Embedding Privacy into Operations I
Reviewing and updating policies and procedures. Complying with the GDPR requires organizations to rethink the way that business is done. Korn Ferry is examining its data collection, use, transfer, disclosure, and disposal policies and procedures for compliance with the GDPR.
Embedding Privacy into Operations II
Data subject rights. Under the GDPR, data subjects will have the right to access, correct, erase, object to, or restrict processing of their personal data. Korn Ferry is improving its internal policies and procedures, and developing new procedures where necessary, to help ensure that we respond appropriately to data subject requests.
Embedding Privacy into Operations III
Third-party management. Korn Ferry is reviewing its third-party relationships to help ensure that they are adequately protecting our clients’ personal data.
Reporting on Data Breaches
Korn Ferry is updating its data breach response procedures to help ensure that breaches are discovered, contained, and remediated, and that notice is provided to individuals and EU Data Protection Authorities in a timely fashion.
Updating Tools and Technology
Personal data is only as secure as the tools and technologies that manage it. We are reviewing our tools and technologies so that we continue to appropriately protect our clients’ personal data.
We are also transitioning key technology platforms so more of our offerings are hosted from European locations.
Updating Privacy Notices for Transparency
The GDPR requires transparent communication of data collection, use, disclosure, and disposal practices. Additionally, you must be informed how you can exercise your rights under the GDPR. We are revising our internal and external privacy notices so that they provide you with the information you need to understand how we’re using your data and how you can exercise your rights.
Revamping Privacy Training Programs
People aren’t born with an inherent understanding of data privacy. At Korn Ferry, we understand this and we train our employees about appropriate data protection practices. Now that the GDPR is set to change the privacy landscape, we are overhauling our privacy training programs to make sure that our employees know how to handle your data under the Regulation.
Obtaining ISO 27001/27018 certification
Moving beyond May 2018, we are working to achieve ISO 27001/27018 certification for key technology platforms and processes to demonstrate a globally recognized validation of the maturity of our global privacy and security programs.