Last week, Theresa May’s Brexit plan was defeated, leaving United Kingdom employers (along with the rest of the world) with a number of questions. One primary concern: maintaining compliance with the General Data Protection Regulation (GDPR) if the UK leaves the European Union before a deal is in place. While a lot remains unclear, here are three things to be aware of when preparing employee data for a no-deal Brexit.
1. You can keep applying GDPR requirements to your UK employee data. The UK has largely adopted the content of the GDPR into its own data protection standards through the Data Protection Act (2018). This means that as long as your UK data is GDPR compliant, it should generally also be compliant post-Brexit.
2. For now, you will still be able to transfer UK employees’ personal data to the EU. Per guidance put out by the UK government, “In recognition of the unprecedented degree of alignment between the UK and EU’s data protection regimes, the UK would at the point of exit continue to allow the free flow of personal data from the UK to the EU.” In the long term, the UK plans to work with the EU to put an adequacy decision in place, which will allow the free international transfer of employee data between the UK and the EU.
3. Consider alternative, compliant methods to transfer EU employee data to the UK. Transferring EU employee data to the UK will likely become more complex, at least in the short-term. For many employers, this will mean creating or updating standard contractual clauses, also known as SCCs. This is the common practice for most 3rd party countries. SCCs are contractually agreed to personal data protection processes which help facilitate the safe transfer of personal data. The UK’s Information Commissioner’s Office has posted guidance that employers can use when considering standard contractual clauses.
Whether it’s a new regulation, or a nation’s exit from an international agreement, employers always have to be prepared for compliance changes. PeopleDoc by Ultimate Software customers have the option to add HR Compliance Assist to help keep up-to-date with the latest international employee data requirements.
You May Also Be Interested In:
What is the CCPA and what does HR need to know?
The California Consumer Privacy Act (CCPA), intended to protect the privacy of California residents, is having a ripple effect across the United States. Originally designed to give California consumers new rights, the definition of “consumer” in the Act is so broad that your workforce data may also be affected. If you're an employer who may be impacted by the CCPA, here are 5 actions you can consider before the new privacy law goes into effect on January 1, 2020.
It seems like every week there is a news blast on how data has been misunderstood, misused or abused. From Cambridge Analytica’s purposeful abuse of personal data to Strava’s unintentional reveal of military bases, 2018 has brought the consequences of personal data collection to the forefront. That said, it’s important not to forget that with proper use, personal data can have a huge, positive impact on your HR practices. Employers have used personal data to make better hiring decisions, help employees get healthy and address biases in the workplace.
Robin is the HR Compliance Assist Manager at PeopleDoc. She joined the team to help customers remain in compliance globally and easily navigate foreign rules and regulations through HR Compliance Assist.
Previously, Robin managed client HR communications and provided outsourced HR support. She has a Masters in Psychological Counseling from Teachers College, Columbia University.