2017 Dwellworks Annual Report

IN RESPONDING TO THE GENERAL DATA PROTECTION REGULATION

O ver the past decade, Dwellworks has made it a business priority to develop a strong culture of compliance within our company and to be vigilantly responsive to ever-changing rules and regulations. This focus has been critical to our being out in front of industry, regulatory and client compliance expectations and has been a differentiating factor in clients awarding us business and encouraging us to expand to new geographies. The most notable issue currently attracting our attention is the General Data Protection Regulation (GDPR), a game-changing regulation passed by the European Parliament, European Commission and the Council of the European Union. Scheduled to go into effect May 25, 2018, the goal of the GDPR is to standardize the control and processing of personal data of EU residents, both within the EU and around the world. Many experts believe the GDPR will become the “gold standard” for global business privacy and security of personal data moving forward. This is critically important to Dwellworks, as we work with EU-based businesses and have EU residents as clients and employees. Making sure we are prepared for any compliance matter is part of a rigorous program led by our internal Enterprise Risk Management committee, which provides governance for Dwellworks on regulatory and best-business practice compliance. A key objective of the committee in 2017, after

ensuring renewal of the EU Privacy Shield certification, was preparing for the GDPR. Focusing on preparedness, the committee worked with like- minded subject matter experts within global mobility industry organizations to gain a better understanding of the regulation and how to comply.

If a business has associates who reside in the EU, offers goods and services to EU residents, or merely stores the personal data of an EU resident, they are required to comply with the GDPR.

Consistent with Dwellworks practice for financial and operational controls certification, such as independent SOC 1 and SOC 2 audits, we have also engaged an independent GDPR consultant to review our readiness and controls. The auditor’s feedback will provide analysis of the gaps Dwellworks needs to close prior to the effective date. Dwellworks is pursuing full compliance with the GDPR not only as a risk avoidance strategy, but because participation in this process provides the added benefit of improving business practices and expanding competitive advantage.

6