4 Things to Know About GDPR and Why It Matters to HR
Arnaud Gouachon

By: Arnaud Gouachon on March 13th, 2017

Print/Save as PDF

4 Things to Know About GDPR and Why It Matters to HR

Compliance and Security

Est. Read Time: 3 min.

 In May 2018, the EU will implement its new data privacy regulation, called General Data Protection Regulation, or GDPR. This new regulation will have major implications for any company with employees residing in the European Economic Area, regardless of the employees citizenships. The GDPR enhances data protection for employees and carries substantial penalties for non-compliance. The May 2018 compliance deadline is on the horizon and it’s important for companies to understand the GDPR’s impact on their HR departments practices.

The requirements under GDPR are expansive and compliance will call for a concentration of time, effort, and resources from HR departments at affected companies. We’ve outlined the top 4 most important things to know about the GDPR and how it could affect your company.


EU GDPR and HR.png1. All companies with EU-based employees will be affected.

Even if the company is not established in Europe, any company with employees residing in the European Economic Area must comply with the GDPR. Additionally, third party vendors that process employee personal data (i.e. processors) pursuant to a contract with these companies (controllers) must also comply.


2. The GDPR guides a wide range of data privacy processes.

These extensive requirements will affect organizational and procedural changes within the impacted companies. The GDPR rules cover data processes that span from international transfers of employee data and security measures to employee rights concerning their data and how data is controlled and processed.


3. The GDPR establishes a large number of new rules.

Because the GDPR introduces a considerable amount of new information and regulations, HR departments will need time and resources to account for each new compliance area. Some of the biggest changes include expanded security breach measures and definitions of personal data, extended employee rights, and potential personnel changes, such as the appointment of a Data Protection Officer.


4. Non-compliance is costly.

Once the GDPR goes into effect on May 25, 2018, companies who are non-compliant will face massive penalties. Fines can be as high as 20,000,000 EUR, or up to 4% of a company’s annual global revenue. In addition, employees will be able to take legal action against, and claim damages from, both employers and their third party vendors.


To meet the GDPR requirements, we recommend starting the compliance process as soon as possible. Learn more about GDPR and how you can be prepared for the 2018 deadline!

View our On-Demand GDPR Webinar with Top Global Data  Privacy Lawyers
View our On-Demand GDPR Webinar with Top Global Data  Privacy Lawyers

About Arnaud Gouachon

Arnaud leads PeopleDoc's global legal and compliance organization, bringing over 10 years of legal experience. Prior to joining PeopleDoc, Arnaud was Vice President and General Counsel for Transdev On Demand, Inc., a subsidiary of Veolia Environnement group, where his focus was on US commercial contracts, corporate law, compliance and employment law. He has two Masters degrees in law from Northwestern University in the US and Paris XII University in France, as well as a Certificate of Business Administration from Instituto de Empresa in Madrid, Spain. He is a member of the New York Bar.