Is your HR Department GDPReady?

On May 25th, the EU will begin enforcing new legislation on how companies handle personally identifiable information (PII). The legislation, known as the General Data Protection Regulations (GDPR), requires companies to take extra steps in protecting the privacy rights of users and employees alike.

This is particularly important for HR Departments as they are the hub for employees’ personally identifiable information.

  1. Will my company be affected by GDPR?
  2. What steps can we take to ensure GDPR compliance?

Will my company be affected?

Even if your company has no physical presence in Europe, there is a strong chance you will be required to adhere to the GDPR. The legislation affects almost any company processing the personal data of European residents. If your company has any employees, users, or customers who reside in the EU, you must adhere to certain GDPR requirements.

Although the EU has had digital privacy protection legislation in place since 1995, the GDPR increases the stakes significantly. Companies found to be in violation of the GDPR after May 25, 2018, will face minimum fines of $11.8 million (€10M).

For larger companies, the cost of GDPR non-compliance is even greater. The maximum fine for violations is 4% of global revenue. So, for tech titans like Google and Apple, a GDPR violation could cost a company billions.

In addition to steep increases in fines, the EU Commission has expanded the definition of personal data to include location information, IP addresses, and users’ metadata.

The broadened scope of the GDPR, in addition to its hefty fines, has put renewed emphasis on how companies are handling sensitive information. 77% of executives at U.S. companies with over 500 employees plan to spend over $1 million on GDPR compliance, and 54% said GDPR is their top data security concern.

What steps can we take to ensure GDPR compliance?

There is an exhaustive list of requirements that HR teams and organizations must adhere to in order to be GDPR compliant. When it comes to employee data, employees have the right to access their personal data, the right to restrict access to certain parties, and the right to rectify incorrect or incomplete data.

HR software tools like Truework ensure companies and employees are in control of their data. Employees have full access to their data, providing them with complete transparency into how their personally identifiable information is shared. Truework requires explicit employee approval before sharing any employee information.

Safeguards like these help accelerate HR teams toward GDPR compliance. Under GDPR, companies are held fully responsible for how employee data is shared, even across third-party vendors.

Did you know? Under GDPR, companies will be required to report a data breach within 72 hours.

Whether it is through a third-party vendor or manual records, companies need to make sure their users’ and employees’ data is secure and organized. Lack of communication between companies, employees, and third parties could lead to multimillion-dollar fines.

Next week we’ll dive into the requirements that matter most to HR teams. Subscribe to the Truework blog today to stay up to date!

This is part 1 of 3 in our series on GDPR. Read part two here.