How Is Huntsman Complying with the General Data Protection Regulation (GDPR)?

The GDPR became effective and enforceable on May 25, 2018.  The provisions of the GDPR apply to any organization that processes personal data of individuals in the European Union (EU), regardless of whether the organization has a physical presence in the EU.

Huntsman is committed to compliance with the GDPR and has been taking steps to meet this standard.  We also see this as an opportunity to improve efficiency in processes relating to our personal data handling practices.

What is Huntsman doing about the GDPR?

Because we work with individuals all over the world, compliance with and to international law and regulations is important to us.  We also value our employees, customers and vendors and their rights to privacy.  Shortly after GDPR was passed, we began working to ensure our systems and processes would meet GDPR standards.  Earlier this year, we began a series of GDPR training sessions for those Huntsman employees who access personal data in their daily work or whose job function requires an action to ensure the protection or safeguard of personal data.

What changes is Huntsman making to satisfy GDPR requirements?

Huntsman has been taking steps across the Company to ensure our readiness for GDPR.  We have been working to improve our data handling and protection processes within the organization, which includes creating self-assessment processes and internal controls.  We also have been working on processes that allow us to efficiently address requests from you related to your personal data rights .

What are some highlights of Huntsman’s privacy-related activities?

  • Worked to identify internal applications and processes impacted by GDPR.
  • Included GDPR requirements in the Huntsman Online Privacy Notice, which is accessible on our external website.
  • Ensured our third party IT security assessment process was updated to incorporate GDPR  and developed a privacy by design process.
  • Streamlined the process for GDPR-related requests from EU data subjects and strengthened our breach reporting process.
  • Introduced a personal data processing agreement with third parties vendors who process personal data on our behalf.
  • Registered with the EU/US and Swiss/US Privacy Shield Programs.

Who should I contact with questions?
You can request additional information on our GDPR and privacy-related activities by contacting us via our website at