EHS Insight and The General Data Protection Regulation (GDPR)

Last modified: November 23, 2021

EHS Insight offers a GDPR-compliant Data Processing Addendum (GDPR DPA), which enables customers to comply with GDPR contractual obligations. The EHS Insight GDPR DPA is incorporated into the EHS Insight Terms of Service and applies automatically to all customers globally who require it to comply with the GDPR.


On 16 July 2020, the Court of Justice of the European Union (CJEU) issued a ruling regarding the EU-US Privacy Shield and Standard Contractual Clauses (SCCs), also known as “model clauses.” The CJEU ruled that the EU-US Privacy Shield is no longer valid for the transfer of personal data from the European Union (EU) to the United States (US). However, in the same ruling, the CJEU validated that companies can continue to use SCCs as a mechanism for transferring data outside of the EU.


Following this ruling, EHS Insight customers and partners can continue to use EHS Insight to transfer their content from Europe to the US and other countries, in compliance with EU data protection laws – including the General Data Protection Regulation (GDPR). EHS Insight customers can rely on the SCCs included in the Data Processing Addendum (DPA) if they choose to transfer their data outside the European Union in compliance with GDPR. As the regulatory and legislative landscape evolves, we will work to ensure that our customers and partners can continue to enjoy the benefits of EHS Insight everywhere they operate.


When it comes to the data in EHS Insight, review our updated Terms of Service and Privacy Policy. When you accept EHS Insight’s Terms of Service, you are acknowledging that your use of EHS Insight will be compliant with all applicable laws, including the GDPR.


Also, please review our list of sub-processors.