The GDPR and What You Need to Consider for Your Organization
The GDPR, General Data Protection Regulation, was proposed by the EU Commission and will be put into effect on May 25, 2018. The new regulation will impact the way that organizations handle the personal data of any individuals who are EU citizens.
In this blog, we will discuss what you need to know about this new EU data privacy regulation and how you can prepare for the changes to come.
What exactly is the GDPR?
The GDPR is a regulation put in place to protect the data of individuals in the EU. It gives individuals control over, and protection of, their personal data in the digital world that we live in today. Data controllers and processors will be most affected.
How will this affect you and your organization?
The regulation will apply to any organization that has employees or manages and processes personal data of individuals’ activities in the EU.
Organizations located outside of the EU will still need to comply with the rights of individuals and comply with the obligations of controllers and processors of personal data. Organizations that don’t follow the regulation will be penalized. Below are the two possible fines.
Penalties up to:
- 4% of annual global revenue OR 20 million euros (whichever is greater)
- 2% of annual global revenue OR 10 million euros (whichever is greater)
Why is this important to HR functions?
- Personal data on the internet and computer systems is increasing.
- With new technological development comes an increase in use of personal data.
- The usage of personal data creates advantages for corporations, customers, and employees.
- Managing personal data is a decisive parameter for handling competition and fulfilling customer expectations.
- HR systems are full of personal data, from employees to applicants.
Things to consider:
1. Software and applications may enable compliance – SuccessFactors is releasing new functionality related to GDPR on an ongoing basis (and will continue to do so).
2. Companies must document processes and decisions taken with respect to registrations and use of personal data. It is key for each company to identify data elements that house employee personal information, where it is physically stored, and how they use each piece of information.
3. Implementing a new solution does not guarantee compliance, BUT it is an excellent enabler to be compliant, i.e., there is significant overlap in tasks required for proper HCM software implementation and GDPR compliance.
- It is easier to document fewer standard/global processes and decisions than many local process variations.
- It is easier to operate with a standard solution supporting a consistently applied process rather than various local systems.
- With a cloud solution like SuccessFactors, you can guarantee that data resides within the EU and even to a specific data center.
The new regulations will be coming into effect in the next few months, so organizations need to be ready with their business process definition, technology solution, and documentation regarding employee personal information.
For more information or to inquire whether your organization is ready for May, check out this blog by Mark Miller of GP Strategies. You can also contact me directly with any questions at firstname.lastname@example.org or Ole Andersen at email@example.com.