GDPR Compliance – What is it, and why does it matter?

by Aug 8, 2019

Is your wellness vendor GDPR compliant?  If you have a presence in the EU, it’s a question you need to be asking.  The buzz around the General Data Protection Regulation (GDPR) has been strong within the health and wellness industry – and with good reason.  The regulation affects millions of people, their personal data, and how the companies they work for handle it (including the vendor partners they choose for services such as employee-wellness programs).  Not all companies are choosing to be evaluated for compliance, because it requires a huge financial and personnel investment.  But that doesn’t change the fact that GDPR compliance is required if personal data of EU citizens is being processed.

What is GDPR?

In May 2018, the European Union (EU) implemented GDPR.  The regulation is designed to protect how a person’s personal data is collected, stored, and processed.  While this was put in place by the EU and designed with EU companies in mind, the regulation also applies to organizations who collect, process, or retain the personal data of EU residents – regardless of where the company is based (e.g., United States) or where the employee is in the world at any given moment.  EU citizenship is not required – the employee simply needs to be an EU resident, and they are protected by the GDPR.

So, as an HR/benefits manager, why should I care about GDPR?

GDPR compliance is especially important for the health and wellness industry.  More often than most other industry groups, health and wellness organizations obtain access to employees’ personal data – collecting, processing, and/or storing that information for various business reasons, from establishing benefits eligibility to processing claims to administering wellbeing programs.  Requiring validation of GDPR compliance allows employers to work with health and wellness organizations without worry – assured that their vendor partners maintain secure and regulated use of employees’ personal information.

“Sonic Boom Wellness is proud to have earned the official validation of being GDPR compliant. This distinction will greatly benefit our client partners with global populations,” Sonic Boom Co-Founder Danna Korn said. “Data security and privacy protection are paramount to us.  We pride ourselves on adhering to the strictest of security guidelines, with or without GDPR, as evidenced by our SOC 2 Type 2 compliance, ongoing HIPAA training, and other ongoing security practices.  This validation makes it even easier to put our clients at ease knowing their employees’ personal data is protected.  We want them focused on improving their daily health habits with Sonic Boom – not worrying about their personal data in the hands of Sonic Boom.”

If you have any questions about our security standards, we’d be happy to put you in touch with the appropriate person or people on our security team.