RE: Energizing, Juvenating, Imagining, ...our customer's potential

FAQs for clients

The EU General Data Protection Regulation (GDPR) is perhaps the most significant piece of European privacy legislation in the last twenty years, which seeks to strengthen the rights that EU individuals have over their data, creating a uniform data protection law across Europe, including the UK.

Thomas International UK (Thomas) currently complies with all applicable data protection regulations and has been committed to GDPR compliance since it came into effect on 25 May 2018. Thomas has a dedicated internal team made up of cross-functional stakeholders to drive our organisation to meet requirements.

An Update on Brexit and Data Protection

When the UK leaves the EU, it is anticipated that data transfers from the UK to the EU will be able to continue to flow freely. However, in the event of a ‘no deal’ Brexit, a different position may apply to data transfers from within the EU to the UK. At Thomas International, the security of our clients’ data is of utmost importance, and we are proactively taking steps to ensure we continue to provide you with the same high level of security and compliance we do today, in any post-Brexit scenario. This includes the migration of candidate data from the UK to an EEA-based cloud region from a global cloud provider, and the implementation of an EU-approved legal mechanism in the form of Standard Contractual Clauses (SCCs) with our European distributors. SCCs allow for the continued transfer of data from the EU to the UK, in the same way we operate today (you can read more about EU model clauses here).

While the political discussion continues to evolve, we will be monitoring this closely and will update the information on this page as the situation develops. Keep an eye on this page for further updates!