The General Data Protection Regulation enables the free flow of data across the Digital Single Market. It will better protect the privacy of Europeans and reinforce trust and security for consumers, while at the same time opening up new opportunities for businesses.
With the deadline quickly approaching, the General Data Protection Regulation – or GDPR – is just about everywhere you look. If you haven’t read about it in depth, you’ve likely heard about it. If your company interacts with citizens in the EU – and you’re in the legal, IT, human resources, sales, account management, or marketing department – you’ve likely been tasked in some way with figuring out how your company will comply with it.
As a pioneer in global workforce management, iWorkGlobal has compiled vetted information and resources to help you navigate down the path of GDPR compliance.
What is the GDPR?
In brief, the GDPR was approved by the European Parliament on April 14, 2016, to protect the data and privacy of its citizens. By May 25, 2018, all companies that capture any personal data (name, IP address, email address, race or ethnic information, bank details, social media posts, etc.) of any EU citizen aged 13 years or older must comply.
Being out of compliance can mean hefty fines – up to 4 percent of annual global turnover or €20 million (whichever is greater).
Which companies does GDPR actually apply to?
According to the European Commission, the law applies to:
- a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or
- a company established outside of the EU which monitors the behavior of individuals in the EU or offers them goods/services (paid or free).
What are the steps to compliance?
No two companies are the same, so there isn’t an exact checklist that ensures your company’s compliance. Rather, there are general guidelines that should be followed to meet general GDPR requirements. These five recommendations are considered a starting point.
- Start with a committee. Gather all parties who are potentially affected by the GDPR. It is likely that many of your departments will be impacted by the regulation.
- Do your due diligence. Understanding where your data comes from, how it is stored, how it is used, and what risks it may pose is the foundation of the GDPR. This is a good place to start thinking about how you’d handle requests like “Please provide me all the data you have on me” (data portability) and “Please delete all the data you have on me” (the right to be forgotten). At all points of the process, your team should document its findings and actions.
- Communicate privacy information. As part of your due diligence, you should take time to review (and revise) privacy statements to properly reflect the requirements of GDPR and how your company uses data.
- Educate your team at large. The requirements detailed in the GDPR may have a ripple effect on your operations, especially if your customers (or your customers’ customers) are in the EU. Educate and train your team to properly communicate the regulations and how your company is compliant.
- Create an emergency plan. What if there is a breach? How will it be detected? Who is your internal point of contact? When do they need to alert authorities? What happens next? Your committee should discuss and find answers to these questions, assigning a plan of action in the event a data breach occurs.
As a leading provider of Employer of Record services in over 165 countries globally, including all 28 member states of the European Union, iWorkGlobal has implemented advanced data privacy measures to ensure GDPR compliance for users both in and outside of the EU. Clients around the globe can rely on iWorkGlobal to make hiring, paying and managing remote employees and contractors faster, error-free, and compliant.
Sources & further resources:
Preparing for GDPR by the UK Information Commissioner’s Office
10 steps to GDPR Compliance by IT Governance EU