The European Union’s (EU) sweeping new data privacy law, the “General Data Privacy Regulation” (GDPR), is set to take effect on May 25, 2018. While the GDPR primarily affects companies operating within the EU, it also regulates the transfer of personal data – including employee data – from the EU to other countries, including to the United States. Accordingly, companies that want to import such personal data need to be aware of the restrictions and adopt one of the available means to comply.
Since the GDPR was adopted in 2016, companies operating in the EU have been using the two-year start-up period to explore compliance options and put processes in place to comply with the new law before the May 25, 2018 deadline. As just one example of the GDPR’s myriad new requirements, covered companies must designate a Data Protection Officer (DPO) who reports to the highest level of management, to handle “all issues which relate to the protection of personal data.”
U.S. companies that do business in the EU, and want to transfer data across the pond, also have been working on their compliance strategy. NT Lakis lawyers have therefore prepared a guide that highlights the GDPR compliance options specific to HR data.
Members of the Center for Workplace Compliance (CWC) can read more here.