Over the past few months, the subject of the EU’s General Data Protection Regulation (GDPR) has made its way into everyday business discussions, not just those of IT and security professionals. According to Google Trends, searches on this subject have increased by 100% in the last four months. So, is this scaremongering by the press or consultants wishing to make a quick profit from our ignorance? Let’s take a closer look at the regulations…
GDPR, when it comes into force on 25 May 2018, will apply to all companies processing and holding personal data of residents of the European Union, regardless of the company’s location. It was designed to strengthen and unify data protection in the EU and will have an enormous impact on domestic and foreign companies offering goods or services to EU citizens. The UK has agreed to adopt the GDPR standard into legislation regardless of Brexit.
Its scope is broad, but generally it pertains to:
- Stricter controls around how data can be stored and permissions for its use
- Proper reporting structure for data breaches, the need for data protection officers, and severe penalties (up to 4% of annual global turnover or €20 million, whichever is greater) for those that do not comply with the regulations.
- The return of control for personal data to the individual with the ‘right to be forgotten’ and portability of personal data as two examples
Not prepared? You’re in good company! According to Gartner, “on the date of effectuation, more than half of companies affected by the GDPR will not comply fully with its requirements”.
What You Need to Know to Get GDPR-Ready
The first step is to understand the key changes and impact of the GDPR on your business by getting advice from your legal team and data privacy officer. These regulations apply to all personal data, whether it is sitting in your sales, financial, product, or staffing databases. You need to start planning now and prepare a robust strategy to comply with requests from customers or regulators.
These rules (and penalties) apply to both data controllers and processors, which means ‘clouds’ will not be exempt from GDPR enforcement. Read the ICO whitepaper to find out more about the governance implications.
There are five key areas to focus on:
- Legal basis for processing and consent
- Data sharing
- Data processing
- Rights of individuals
And of course, these regulations relate to data gathered through the use of contingent labour, such as contact details, work history or hours worked. A major component of GDPR is ‘the right to be forgotten’. This right enables an individual to request the deletion or removal of personal data when there is no compelling reason for its continued processing. What happens when private data is removed? How will this impact my program? Fear and uncertainty about this powerful and far-reaching legislation is natural, but there is help out there…
How Beeline Can Help
Having complete visibility of your data in a secure and controlled environment is essential, and your workforce data should be no exception. Beeline has always had a strong policy on security, meaning that it is already compliant with many elements of the legislation, but it is also actively working on enhancements for full compliance before the deadline. To ensure the VMS technology meets business needs, we are assembling a focus group of clients to provide feedback in the interim, keeping our VMS technology and you one step ahead of the regulators!
If you are a Beeline client and have specific questions on how the GDPR will affect your program, contact your Relationship Manager. If you’re not yet a client, reach out here and let us show you how we can help you get control of your entire extended workforce!