On 25 May 2018, the EU General Data Protection Regulation (GDPR) becomes enforceable and replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC). Because GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable.


Agilent’s GDPR compliance preparations are focused on enhancing data privacy controls that benefit all our customers without impairing our ability to provide solutions that enable customers to gain the insights they seek.


Our cross-functional program addressing GDPR is executing a plan to both prepare for and maintain compliance. We have assessed how and where we collect, process, and store personal data, updating our standard operating procedures and policies where required. We have designed new processes to address new obligations under the GDPR, which will enable us to help our customers as needed for them to comply with their obligations under the GDPR. To facilitate our global business, we continue to adhere to the requirements for safeguarding transfers of personal data internationally, including using standard contractual clauses. All Agilent personnel will receive training on the GDPR and on Agilent’s obligations as both a data controller and data processor to our customers.


ASSESSMENT
Agilent has reviewed, and will continue to review where and how our relevant services collect, use, store, and dispose of personal data and will maintain and update policies, standards, governance, and documentation as needed.


CONTRACTUAL COMMITMENTS
Working with our partners and customers, Agilent has revised its contractual documentation to incorporate GDPR compliant provisions. All new and renewal customer contracts that deal with the collection or processing of EU personal data will be GDPR compliant. Agilent is also reviewing its supplier contracts, introducing new contractual terms to ensure our suppliers are also GDPR compliant.


CROSS-BORDER DATA TRANSFER
Agilent will only transfer personal data outside of the European Economic Area where it is lawful to do so and in compliance with GDPR. Agilent relies upon European standard contractual clauses to guarantee adequate GDPR protection to the transfer of such data and we inform through our various privacy statements and contracts any party whose personal data is transferred this way.


EMPLOYEE TRAINING AND AWARENESS
All Agilent employees and non-Agilent workers are required to complete data privacy and security training.


DATA PRIVACY OFFICER
Agilent has appointed a DPO to comply with the requirements of the GDPR. If you have any questions on general GDPR compliance, please contact Leslie Stevens at data-protection.officer@agilent.com


INFORMATION SECURITY AND IT COMPLIANCE
Agilent has completed an assessment of its approach to integrated controls for both information security and IT compliance and updated or expanded our control framework to incorporate GDPR. These included an updated incident reporting procedure, expanded third-party assessment processes for SaaS or service providers, an updated privacy impact assessment, and expansion of our encryption standards.


MARKETING
Agilent has reviewed its method of collecting consent for marketing activities. There will be changes to what we tell contacts upon collection aimed at being as transparent as possible about how we treat personal data. Agilent will only market to contacts who have agreed that we may contact them or if they are an existing customer or contact. 


AGILENT AND ITS CUSTOMERS
As part of all our offerings, Agilent will partner with and assist customers, where reasonably possible, with their GDPR compliance requirements. When engaging with Agilent as a data collector and data processor, you can rest assured that Agilent is GDPR compliant and will treat your personal data accordingly.


PRIVACY STATEMENT
From 25 May 2018, Agilent will have a new Privacy Statement on Agilent.com that sets out exactly why and how we treat our customers’ personal data in accordance with the requirements of the GDPR.