In an effort to ensure this compliance in late 2016, Expedient began attesting to a framework called the EU-U.S. Privacy Shield, which is a legal mechanism used to transfer data between an EU country and the United States. Expedient’s attestation subjects the company to the jurisdiction of the Federal Trade Commission or the Department of Trade, which enforces our commitments to safeguard such data.
Since Expedient and its employees do not necessarily know which data a client may have is sensitive and which is not, we treat all of it like it is protected and apply our physical and logical security controls uniformly across our facilities and technology platforms.
Further, Expedient is prepared to support current and prospective clients with GDPR compliance needs via a Data Protection Agreement (DPA) that can be executed as an addendum to a Master Services Agreement (MSA); this DPA provides the legal framework necessary to demonstrate our compliance as a sub-processor of personal data.
As Senior Vice President of Strategic Initiatives, Jonathan Rosenson is responsible for overseeing organizational functions that drive adaptation and growth at Expedient. Jon additionally acts as an external spokesperson conveying the Expedient story. Follow him on Twitter.