The New EU Data Protection Regime from an HR Perspective
The EU institutions have agreed on the text of the EU's successor privacy legislation: the General Data Protection Regulation (GDPR). The GDPR will replace the 'patchwork quilt' of 28 different EU Member States' laws with a single, unifying data protection law, which should lead to significantly greater data protection harmonization throughout the EU. In addition to harmonizing the EU data protection legal framework, its main objectives are threefold: First, the GDPR increases the rights for individuals. Secondly, it strengthens the obligations for companies. Thirdly, the GDPR dramatically increases sanctions in case of non-compliance. Employers will need to very carefully assess their current HR-related processing activities and identify the gaps with the GDPR. On the basis of this gap analysis, they will need to update their existing procedures and implement the required mechanisms to comply with the new obligations. Failure to do so may result in significant fines or other enforcement measures that could materially impede their business.