The European Union (EU) has strict data privacy rules to protect individuals' personal data, including employees' data. The General Data Protection Regulation (GDPR) is the most powerful data privacy change in 20 years. It was approved by the European Parliament on 14 May 2016 and gave companies two years to comply with the regulation.
The GDPR replaced the Data Protection Directive 95/46/EC and was created to standardize data privacy laws across the EU. The goal of the regulation is to protect EU citizens from privacy and data breaches and to provide additional regulatory policies. The regulation applies to anyone involved in processing data about individuals in connection with the selling of goods and services in the EU, regardless of whether the organization is located in the EU.
- Consent – Must obtain consent for data use, and it must be as easy to withdraw consent as to give it. Organizations must be able to prove that consent was obtained.
- Breach Notification – Data breaches must be reported within 72 hours to the individuals impacted and to the regulatory agencies.
- Right to Access – Individuals have the right to request access to their information.
- Right to be forgotten – Individuals have the right to request their data be erased/deleted from all platforms.
- Data Transfer – Map transfer of data and the business reason for the transfer.
- Data Protection Officers – Must be appointed in public organizations and in organizations with more than 250 employees.
- Penalties for Non-compliance – Organizations can be fined up to 20 million Euros or 4% of global turnover. Multi-national organizations are treated as single entities.
The Global Payroll Management Institute plans to provide payroll professionals with articles on GDPR in upcoming issues of our Global Magazine, webinars, and Twitter Chats to help payroll professionals understand the new regulations and prepare for GDPR. Please continue to visit our website for up-to-date information, and watch for our August/September Global Magazine issue for the next GDPR article.
Learn more about the GDPR regulation.