GDPR & Global Mobility: A Short Summary
GDPR: What is it?
The General Data Protection Regulation is a piece of legislation introduced by the European Parliament with the aim of giving individual data subjects more control over their personal data. Organisations will gain express permission to store data, explaining why it is required and for how long. Personal data refers to “any information relating to an identified or identifiable natural person” and can be further categorised into special category data, which has additional protections.
GDPR: When is it?
The GDPR will be implemented from 25th May 2018 onwards. With this deadline rapidly approaching companies across the EU are hastily making internal changes to ensure compliance. Making these changes is perhaps most challenging for those sectors focused on international activity inside and outside of the EU. It is therefore not surprising that Professionals engaged within Global Mobility and Relocations Services are some of the most vocal when it comes to GDPR enquiries.
GDPR: What are the main pitfalls?
One major problem is incorrect information. Plans for the GDPR have been subject to rumour and conjecture for months…One big misconception for Global Mobility and Relocation Practitioners is the idea that if you aren’t working with assignees in the EU the GDPR is not relevant. Big mistake! If your organisation does business with EU based firms or you happen to be relocating an EU citizen even outside of the EU the terms of the GDPR still apply.
GDPR: How will this change Mobility practice?
With the GDPR on the way it is now more vital than ever to keep a strict record of data flows. A Mobility Professional will not be firing across quick messages to third party DSPs regarding assignee requirements without first considering whether this might constitute leaking of personal data. To make sure everything runs smoothly, auditing of data sharing and the formulation of correct protocol when it comes to data transfer and processing will be essential.
GDPR: What should I do?
Do your homework! Global Mobility Professionals should ensure there are correct privacy policies and security procedures in place. This might include impact assessments as well as scrutinizing third party / supplier contracts for GDPR compliance. Mobility professionals should consider the purposes of data sharing before data is released, and ensure the data being shared is as limited as possible to fulfil the needs of that specific requirement. Unnecessary or redundant data should not be shared!
GDPR: What are the penalties?
The ICO makes it clear that the “GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach … Failing to notify a breach when required to do so can result in a significant fine up to 10 million euros or 2 per cent of your global turnover.” This being the case Mobility Professionals should be thorough in their GDPR research and preparations.
Katie Smith, Assoc CIPD, BA Hons, HR Advisor at Alchemy Recruitment Ltd