GDPR Statement


Oita Sumitomo Corporate
GDPR Statement

EU General Data Protection Regulation (GDPR) has replaced the existing 1995 EU Data Protection Directive (European Directive 95/46/EC).

Oita Sumitomo Corporate currently complies with applicable data protection regulations and is committed to GDPR compliance across its relevant services. Oita Sumitomo Corporate has a dedicated internal team made up of cross-functional stakeholders overseeing Oita Sumitomo Corporate's GDPR readiness. Oita Sumitomo Corporate's ongoing compliance efforts include:


Oita Sumitomo Corporate has reviewed where and how our relevant services collect, use, store and dispose of personal data and has updated policies, standards, governance and documentation where needed. Oita Sumitomo Corporate is dedicated to keeping such due diligence current and carrying out re-assessments periodically and/or as required by changed circumstances.

Contractual Commitments

Working in conjunction with our partners and customers, Oita Sumitomo Corporate is reviewing our contractual commitments and updating as needed to directly address GDPR requirements. Oita Sumitomo Corporate has also reviewed its existing supplier contracts to ensure GDPR compliance throughout its supply chain and will continue to conduct due diligence as new suppliers are onboarded.

Cross-border Data Transfer

In addition to ensuring Oita Sumitomo Corporate's contractual commitments meet the requirements to legally transfer data from the EU to the rest of the world under applicable law, Oita Sumitomo Corporate plans to certify under the EU-US Privacy Shield Framework.

Employee Training and Awareness

All Oita Sumitomo Corporate employees must complete data privacy and security training. Oita Sumitomo Corporate will supplement existing training modules with GDPR-specific content. In addition to these training requirements, Oita Sumitomo Corporate conducts ongoing awareness initiatives on a variety of topics, including data protection, security and privacy.

Oita Sumitomo Corporate Partners and Customers

Compliance with the GDPR requires a partnership between Oita Sumitomo Corporate and our partners and customers in their use of applicable Oita Sumitomo Corporate services. In this context, Oita Sumitomo Corporate generally will act as a data processor and our partners and customers generally will act as data controllers. Working together, we hope to explore opportunities within our relevant service offerings to assist our partners and customers meet their GDPR obligations. In the meantime, Oita Sumitomo Corporate encourages partners and customers to independently familiarize themselves with the GDPR.