“HR Urged to Prepare for New Data Protection Law in Europe”

7/31/2017
SHRM


“Data protection in Europe is about to become far more stringent.

“To protect employee and consumer data, organizations that do business in or with European countries must—by May 25, 2018—comply with the General Data Protection Regulation (GDPR) or face harsh fines and penalties.

“Passed in April 2016 by the EU Parliament, the law replaces the Data Protection Directive…The new regulation's key objectives are to give people control of their personal data and to streamline current laws surrounding the legal use of this information.

“Under the GDPR:

  • “All companies must document employee consent about the access and use of their data.

  • “Any organizations that process employee data within the European Union (EU) must comply with the new law—even if those companies aren't in Europe.

  • “Organizations that fail to comply with the new law face fines and penalties equivalent to 4 percent of their annual revenue or 20 million euros, whichever is greater. 

“…Experts are urging companies to get compliant now.

“‘With the EU's General Data Protection Regulation less than one year away, organizations around the world are deeply concerned about the impact that information non-compliance can have on their brand and loyalty of their customers,’ Jason Tooley, vice president, Northern Europe, at Veritas Technologies LLC, said in a company statement.

“He said organizations need to begin educating themselves now on ‘the tools, processes and policies to support information governance strategies that are required to comply with the GDPR requirements.’ 

“…[E]mployers can prepare for compliance with the new regulation by doing the following:

  • “Learn where your critical employee data systems are held…and for what purpose data is being used.

  • “Determine who owns the data based on contractual information. 

  • “…Set up a system in which employees give explicit permission to the employer to gather, store and share their data. 

  • “Find out what your cloud-based software vendors are doing with personal information and if they are taking steps to become compliant. 

  • “…Assign an internal data protection officer to oversee all GDPR requirements. This provision applies to employers with 250 or more employees.”
