2018

Aon and DLA Piper recently revealed a "price and data security" guide regarding insurance for the General Data Protection Regulation (GDPR), which revealed that Finland and Norway are the only two counties where insurance for fines might be found.

The guide reviews the insurability across Europe, which can reach up to four percent of a group's annual global turnover.  Although coverage may be limited, the authors still encourage businesses to make insurance part of their risk management strategy to manage costs associated with GDPR non-compliance and resulting business disruption losses.

Turkey has published details of its Data Protection Authority's organizational structure department duties, powers and responsibilities, as well as the Authority's working procedures and principles.

The Regulation states that the Authority will consist of a presidency, plus a nine-member board that will include the Authority's president and the second president. The President will appoint people to carry out internal audit, enquiry and investigations.

The Board is authorized to issue rules and guides for any matters that are not addressed or clarified in the Regulation.

What should HR teams be doing to ensure GDPR compliance?

According to legal experts with Clyde & Co., HR should keep staff informed of any changes to the legislation.  HR should also prepare and update policies and procedures, for example, those relating to recruitment and obtaining references and medical reports.

Another key item for HR is to educate staff about their data protection and security obligations, which also demonstrates that HR has taken steps to ensure that staff process personal data lawfully.  HR should also keep personal data no longer than necessary and implement data retention polices.

Last, HR should demonstrate compliance with data protection principles.