Companies located in the United States that seek to collect Sensitive HR Data in the EEA/UK and transfer it to the U.S. in compliance with the General Data Protection Regulation (GDPR) should consider several factors. These include collection activities, establishing a legal basis for processing, processing restrictions, the required Data Protection Impact Assessment (DPIA), the designation of a Data Protection Officer, safeguarding the transfer of data, and regulatory oversight and penalties.