The European Union’s General Data Protection Regulation (GDPR) went into effect earlier this year, and while many employers may think this E.U. law doesn’t matter for them, there are some important implications based on the nature of the law.
Specifically, the law applies to E.U. citizens as opposed to companies within the European Union. That means that companies that employ E.U. citizens or maintain data on E.U. citizens are subject to the law. In a previous post, we provided a general overview of the GDPR.
Here are three specific GDPR challenges for HR departments:
1. Understanding the Right to Personal Data
The GDPR gives E.U. citizens enormous power over their personal data. Those data can be anything from phone numbers to personnel records. That power includes the right to examine personal data kept on them and, in some cases, have those data deleted.
2. Understanding Why Data Are or Are Not Needed
The GDPR also puts a big burden on those collecting and processing data to demonstrate why they need those data. This means employers need to make sure they aren’t needlessly storing data on employees and that there is a specific justification in the GDPR permitting them to collect and store those data.
3. Making Employee Guidance and Consent Clear
As one expert predicts, communication is going to be key entering GDPR’s enforcement phase, and your communication should be clear, concise, and without legalese. Large parts of the GDPR have to do with consent to collect and store data. Employers need to be very clear with employees on those rules and what constitutes consent.
It’s true that the GDPR is an E.U. law. But its reach already extends beyond the borders of the European Union, and it’s possible that other countries—including the United States—could adopt similar legislation in the future. This means that HR professionals within the United States need to be aware of the law’s provisions and impacts.