The General Data Protection Regulation (GDPR) went into effect on May 25, 2018, and while we have seen the first court decision, there are still a number of open questions. Though it’s (almost) six months later, there is a lack of clarity as to the long-term impact of the GDPR on HR, and quite a few misleading headlines. Here are three things we know now:
1. The uncertainty is here to stay
While many EU member states have updated their data privacy laws, some countries are still in the process of finalizing rules or making modifications. Employers, particularly those with employees in the United Kingdom, are keeping a careful watch on privacy-related national laws in the areas where they have offices (PeopleDoc HR Compliance Assist customers receive regular updates).
Separately, if you have been waiting for an official GDPR certification standard, you will have to wait a little longer. The EU Commission and the Data Protection Authorities have not released a government-approved certification process.
2. The GDPR is influencing laws in other nations
We are already seeing an impact around the world as countries reevaluate their data protection practices (hello, California Consumer Privacy Act). Expect the GDPR to set the new baseline standard in several countries. Wondering which countries to keep an eye on? Brazil has recently passed its first data protection law while India has a new draft regulation.
3. A data breach does not mean a company will be fined
Despite what some headlines suggest, a data breach will not necessarily result in a massive fine. Companies that follow best-practice security procedures and meet the GDPR requirements will likely have no reason to expect fines from the authorities. The larger risk for GDPR-compliant companies will be the long-term reputation damage. Data breach response plans should therefore not only meet the requirements of the GDPR, but also address how to rebuild trust with employees and the public.
The GDPR has resulted in employers putting stronger employee data protection processes in place, but this doesn’t mean the work is done. While the GDPR has already had an impact on Human Resources, there will continue to be changes for the foreseeable future. Expect requirements to be clarified, best practices to be created and a long-term impact on data policies throughout the world.
Robin is the HR Compliance Assist Manager at PeopleDoc. She joined the team to help customers remain in compliance globally and easily navigate foreign rules and regulations through HR Compliance Assist.
Previously, Robin managed client HR communications and provided outsourced HR support. She has a Master's in Psychological Counseling from Teachers College, Columbia University.