The European Union’s (EU) General Data Protection Regulation (“GDPR”) came into effect on May 25, 2018. It was a significant change for global data privacy law and introduced complex rules for organisations involved in the collection and processing of personal data of individuals. located in the EU. 


  • Updated the previous EU privacy framework to create a common set of data privacy and security rules across the EU.
  • Reinforces principles of transparency and openness with individuals as to what data companies hold about them and how it is used.
  • Provides individuals in the EU more consistent rights to access and control their personal data
  • Establishes general accountability requirement, requiring companies to be able to demonstrate the ways in which they comply with data protection principles. 


As a global Executive Search and Talent Management organisation, AIMS International takes our responsibility to protect your personal data seriously. 

  • Assessing all our processes involving personal data:
    We have been mapping – and will continue to do so – personal data processed by the company, reviewing methods of processing, evaluating security measures applied
  • Creating a Data Protection Governance:
    Reviewing how our organisation manages privacy, designating new privacy roles, assigning responsibilities, ensuring data protection is managed at all level of our organisation also launching specific training and awareness programs
  • Embedding Privacy into Operations:
    Setting new rules, redefining operational procedures, reviewing all the information and documental systems
  • Assessing Third Parties:
    When we entrust part of data processing externally, we want to make sure that third parties will protect data as we do: we’re assessing their organisation, updating their contracts with us, evaluating all IT and software applications by evaluating their capacity of ensuring a proper protection to personal data
  • Creating a Record of Processing Activities:
    One of the most important requirements of the GDPR. It will be the real “control room” about all our processing activities under our responsibility. What, who, where, why and how personal data are being processed, internally and externally of our company
  • Risk Analysis and DPIA (Data Protection Impact Assessment):
    Are there any risk for individuals while we’re using their data? We’ve been assessing the risk of our existing processing activities and, should potential high risk to individuals’ be present, we have a DPIA methodology ready to be performed in order to calculate the risk level and mitigate it through additional organisational and technical measures, as required by the GDPR. Any new processing activity will be submitted, by-design, to this process.
  • Data Breach procedure:
    We are constantly working on improving our security measures and establishing data breach policies, recording any incident could happen, being able to manage in a timely fashion when it occurs
  • Updating Privacy Notices and Consent management:
    We are reviewing all our Privacy Notices published in order to respect the requirements stated by the GDPR rules and to improve awareness, comprehensiveness and transparency of our communication. When you’ll be asked for a consent you’ll be made aware what you‘re giving permission to
  • Improving processes to respond to your rights and requests:
    We are constantly working on new policies and procedures to address possible requests from individuals to access personal data processed and to guarantee the exercise of the data subjects rights. You have the right to access, correct, erase, object or restrict processing of your personal data. You can also ask for the portability of your data, which means that you have the right to receive the personal data we’re processing in a commonly used format and to ask us to transfer that data to another controller, if you request so.