Compensation & Benefits DEI Employee Engagement & Experience Employment Law HR Technology Learning Mental Health and Wellness People Analytics Recruitment & Talent Acquisition Shared Services Talent Management
Compensation & Benefits DEI Employee Engagement & Experience Employment Law HR Technology Learning Mental Health and Wellness People Analytics Recruitment & Talent Acquisition Shared Services Talent Management

GDPR Compliance: Tips and Myths

Add bookmark
Mason Stevenson
Mason Stevenson
11/14/2019
GDPR Compliance Tips and Myths_white caution cone on keyboard

NOTE:  This article should not be seen as a legal resource, but merely a way to provide some direction regarding the General Data Protection Order.  For legal advice, please see your company’s legal team.

If a company is global, the likelihood is high that it has and will continue to come in contact with the European Union’s General Data Protection Regulation, or GDPR.  Companies headquartered in the EU spent a considerable about of time preparing for the new regulation before it went into effect in May of 2018.  Many are still working to meet compliance today.

But the regulation, while specifically applying to companies in the EU, also impacts companies outside the EU.  If a company in the United States, for instance, employs workers in an EU country they are required to follow the GDPR.  That means the company’s HR department is going to have to be GDPR compliant.   Failing to do so will result in fines.

So, how do companies outside of the EU work to become GDPR compliant?

The General Data Protection Regulation

What is the GDPR?

The GDPR was agreed upon by the European Parliament and Council in April 2016. It went into effect in May of 2018.  When that happened, the GDPR became the primary law regulating how companies protect European Union citizens’ personal data.

Each member of the European Union, as previously stated, must comply with the regulations. Those that don’t face penalties and fines.

Some of the key requirements of the GDPR include:

  • Requiring the consent of subjects for data processing
  • Anonymizing collected data to protect privacy
  • Providing data breach notifications
  • Safely handling the transfer of data across borders
  • Requiring certain companies to appoint a data protection officer to oversee GDPR compliance

Want to learn more about the GDPR?  Click here.

GDPR Compliance for HR

Because the GDPR puts in place new regulations on employee data, human resources needs to fully understand the regulation and what it will take to move into compliance. 

  • Data security – Companies with HR departments outside the EU need to make sure security compliance is maintained. This includes making sure the right people have access to employee data.  Not only does it include the right internal employees, but it also includes vendors contracted by the company.  They also need to follow the GDPR.
  • Employee privacy – The GDPR puts in place new rights for employees. Those need to be observed.  Additionally, these must be formalized by the company to ensure transparency.  That means a review of current polices needs to be conducted if it hasn’t already been completed.  Also, HR will need to make sure communication of these new rights and policies meets guidelines under the regulation.
  • Current processes – Similarly, current processes need to be reviewed. In many cases, those will need to be amended to comply with the GDPR.  Companies can no longer simply ask for employees to release their data.  HR must present a valid reason for requesting it.
  • Data retention – The GDPR also puts in place new rules regarding data retention. Companies not only have to get permission from employees to use their data, but they can only hold on to it for specific amounts of time.  It then has to be deleted.
Source:  People Doc by Ultimate Software

GDPR Myths

With a law as large as the GDPR, there are a lot of misconceptions about it.  Authors at tripwire lay out several myths.  Several are paraphrased below.  To read more myths, click here.

After the UK leaves the EU, the GDPR will no longer apply.

That’s indirectly untrue.  While the GDPR will no longer apply, the Data Protection Act 2018 will and it is a carbon copy of the GDPR.  So while the GDPR will no longer apply, the DPA 2018 means employers will have to follow the exact same rules.

Once GDPR compliant, always GDPR compliant.

That is not true.  The GDPR is structured in such a way that compliance is an “ongoing process rather than something you achieve forever.”

A Data Protection Order, or DPO, is required by companies.

Also not true.  A DPO is not mandatory for everyone.  It is only needed “if you are a public body that processes data, your core activities involve regular monitoring of data subjects or you process sensitive data on a large scale.”

In Summation

At the end of the day, companies are much like communities.  They no longer operate in one single country.  Many have grown to exist on a global scale.  That means they have to, at least in some way, conform to the laws of the country just as they would adjust with the culture of their workers.  Embracing the GDPR, while admittedly difficult, is necessary and ultimately a positive step forward in the protection of all data.

NEXT:  Benefits of Cloud Computing in HR

 

Want more content faster?  Connect with us on Twitter, Facebook and LinkedIn.  And don't forget to join our LinkedIn group!

 

Photo courtesy:  Pexels

Tags: HR HR Articles GDPR data data protection employee data

Upcoming Events

2024 AI in Hiring Trends: Navigating the governance, concern, and power of effective solutions

23 May, 2024
Online

Register Now | View Event
2024 AI in Hiring Trends: Navigating the governance, concern, and power of effective solutions

People Analytics Exchange

June 25 - 27, 2024
Minneapolis, MN

Register Now | View Agenda | View Event
People Analytics Exchange

All Access: Change Management for Business Transformation 2024

July 23 - 24, 2024
Free PEX Network Webinar Series

Register Now | View Event
All Access: Change Management for Business Transformation 2024

All Access: Digital Adoption 2024

October 22 - 23, 2024
Free PEX Network Webinar Series

Register Now | View Event
All Access: Digital Adoption 2024
MORE EVENTS

Follow Us

         

Latest Webinars

2024 AI in Hiring Trends: Navigating the governance, concern, and power of effective solutions

2024-05-23
11:00 AM - 12:00 PM EDT

Gain insight into key AI hiring trends and learn from HR leaders, who debunk myths and lean into the...
2024 AI in Hiring Trends: Navigating the governance, concern, and power of effective solutions

Why digital adoption is pivotal for change management in 2024

2024-03-27
11:00 AM - 12:00 PM EDT

Learn from change leaders about how digital adoption can drive change management across the technolo...
Why digital adoption is pivotal for change management in 2024

2024 Hiring Trends: Unlocking Human Potential and Harnessing AI for Skill Assessment and Development

2024-03-07
11:00 AM - 12:00 PM EST

Leverage artificial intelligence to help employees grow professionally and reach their full potentia...
2024 Hiring Trends: Unlocking Human Potential and Harnessing AI for Skill Assessment and Development
MORE WEBINARS

RECOMMENDED

FIND CONTENT BY TYPE

HR Exchange Network COMMUNITY

ADVERTISE WITH US

Advertise Now

JOIN THE HR Exchange Network COMMUNITY

Join HR Exchange Network today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.

Learn more
iqpc logo

HR Exchange Network, a division of IQPC

© 2024 All rights reserved. Use of this site constitutes acceptance of our User Agreement, Privacy Policy and Cookies Settings.

Careers With IQPC| Contact Us | About Us | Cookie Policy