Director FAQs and Essentials

What Boards Should Know About the GDPR FAQ

By NACD Staff

01/16/2023

In brief: The European Union’s General Data Protection Regulation (GDPR) requires—with some exceptions—affirmative opt-in and usage notices for data collection in the European Union (EU) by any organization with 250 or more employees. It applies to European organizations collecting data within the EU and non-European companies with data subjects based anywhere in the region. Any person located within the EU is considered to be a “data subject” under the regulation. The regulation mandates in detail the proper procedures related to required data collection and usage, including cybersecurity measures, making compliance a challenge, especially for smaller firms.

The focus on the board’s compensation committee has never been sharper. The components of compensation plans and the link between compensation and company performance are under intense scrutiny from shareholders, employees, policymakers, the media, and other stakeholders. The Report of the NACD Blue Ribbon Commission on the Compensation Committee revisits NACD’s 2003 Report of the NACD Blue Ribbon Commission on Executive Compensation to highlight the new environment in which compensation committees—and, more broadly, boards—are now operating. It recommends that the compensation committee and board work together to establish an executive compensation philosophy that supports the company in creating long-term, sustainable value.

The report includes ten specific recommendations for compensation committees to consider when evaluating their compensation philosophies. It also provides practical tools, such as sample compensation committee charters, a compensation committee assessment, and guidance on executive employment contracts.