I say for “sure”, because a recent study by a major privacy consulting firm revealed that half of the 200 companies it questioned (with the majority being in the US and Europe) were not aware of the GDPR, and of those who were, 18% disagreed with the proclamation that it is “a significant change” in how data will be handled from 2018. It was interesting to see that mid-sized companies with an employee population of 1,000 – 4,999 were the best informed, while big (BIG) companies with over 75,000 employees were the least. Am I reading too much into this?! Either way, the GDPR is scheduled to go live on May 25, 2018! The final text in all European languages can be downloaded here.
The compliance team at NGA HR has followed the development of the GDPR closely, as it does with all proposed or actual compliance and legislative reviews. We have picked out the highlights for you to review here.
The General Data Protection Legislation replaces the EU Directive 95/46/EC, which was enacted in 1995.
To put this time lag into context – and why significant data legislation is required – here are a few significant milestones from 1995, possibly the year mass consumer data was born.
1995: Before these data intensive innovators were headline news
If you have access to data, if you process data, if you do anything with data, then you need to take account of the following points, because they will impact your business, and your compliance:
And the wow factor:
Changes around data protection are not limited to Europe. The Hong Kong Information Commissioner has issued guidelines on how HR data should be managed by companies. They have also issued guidelines on employee monitoring and privacy. You can find these here.
Not far away from Hong Kong, China is also in the process of implementing a cybersecurity law. However, China is one of the few (big) countries that does not have a consolidated data privacy law, and, therefore, this can make it somewhat challenging to maneuver in the sea of applicable laws!
The Privacy Shield, the framework that is set to replace the EU-US Safe Harbor agreement (after its invalidation), is still on everybody’s mind, or at least it should be on the minds of your legal counsels and operations directors. And, it is looking very much like Groundhog Day.
Firstly, the Article 29 Working Party had its rather ‘conservative’ review of the Privacy Shield. The European Parliament then said it didn’t really like it. And, to top this off, the European Data Protection Supervisor told us… that he didn’t like it either! All despite the European Commission signing it off initially.
The main reason is that the US government can access data – whenever and wherever it wants to. Additionally, the US Supreme Court has modified the ‘Federal Rules of Criminal Procedure’, granting law enforcement agencies more access to people’s personal data.
It should be remembered that one of the main reasons Safe Harbor was invalidated in the first place was because of unlimited US government data access, making this move look rather like shooting yourself in the foot?
As a global payroll provider, NGA has service delivery locations in the US and so it is imperative that we stay on top of any updates and changes to the Privacy Shield, and we will make sure that you are the first to know when data transfers to the US are ‘safe’ again!
Disclaimer: This article is intended only as a guide and an information piece on general data privacy updates and is not legal advice. You should always seek independent legal advice for more details.