Have you been hearing conflicting information about the General Data Protection Regulation (GDPR) and what HR must do to be compliant? It’s understandable, as the GDPR isn’t black-and-white. To help make it clearer, we set the record straight on some of the most common misconceptions about the GDPR.
Myth: The GDPR applies to all EU citizens, even if they don’t work in the European Union
Truth: If you’ve been worrying about how to implement GDPR processes for EU citizens working outside the European Union, you can cross it off your to-do list. The GDPR only applies if your employees are physically located in the Union (or if you’re considered a Data Controller or Data Processor in the EU).
For example, if you have an EU citizen who is working in the US and is paid by a US-based payroll provider, the GDPR does not apply because the employee is not based in the EU, even though they’re an EU citizen. However, if the employee is living in the EU, the GDPR does apply.
Myth: You can’t transfer personal data outside the EU.
Truth: You can process personal data outside the EU as long as one of the following conditions is met: (A) The data is being transferred to a country deemed to have an “adequate” level of data protection by the EU, or (B) Appropriate safeguards have been taken in countries that don’t have an “adequate” level of protection (e.g., binding corporate rules or specific derogations).
Myth: Offenders will automatically get charged the maximum penalties
Truth: The GDPR wasn’t designed to fine companies, but instead to help them create processes that respect individuals’ personal rights. Regulators will likely assess fines that are proportionate to the issue and take into account any compliance efforts that have been put in place. Various EU Data Protection Authorities have commented that repeated or intentional violations will likely lead to more substantial fines, but minor infringements in certain circumstances may only result in a reprimand.
Myth: Compliance for HR teams is difficult and expensive
Truth: Although research shows that companies are spending over $1 million on GDPR preparation, the reality is you do not have to pay for expensive solutions to follow the principles of the GDPR. However, it will take planning, dedicated resources, communication and ongoing program analysis (we outline the process in our step-by-step compliance plan). When it comes to technology, a digital platform that helps HR manage employee files and streamline processes will certainly ease the burden of GDPR compliance.
Looking for more clarification on GDPR requirements? International law firm Morgan Lewis will give the latest updates on the rule and clear up any confusion around compliance during our live webinar, 28 Shades of Gray: Making Sense of Member State Variances, taking place Thursday, March 1, 2018.
Robin is the HR Compliance Assist Manager at PeopleDoc. She joined the team to help customers remain in compliance globally and easily navigate foreign rules and regulations through HR Compliance Assist.
Previously, Robin managed client HR communications and provided outsourced HR support. She has a Masters in Psychological Counseling from Teachers College, Columbia University.