As the collectors, processors and custodians of huge amounts of personal data, HR professionals are at the front line of data compliance. Here is what you need to know about assuring EU and UK GDPR compliance, and how Cezanne HR’s GDPR-compliant HR system will help.
- The General Data Protection Regulation (GDPR) came into effect on May 25th 2018 and applies to the processing of ‘personal data’ of EU residents.
- As the UK has left the EU/EEA, the EU GDPR regime no longer applies to the UK. It has been replaced by ‘the UK GDPR’. While allowing for future divergence, this is largely the same as the EU rules.
If a business can’t show that good data protection is a cornerstone of its practices, it is leaving itself open to a fine or other enforcement action that could damage its bank balance or business reputation.
For any organisation with an international workforce, the free flow of HR data between different geographies is essential to assure informed decision-making and effective HR processes.
Different requirements apply depending on where employees are resident and where their data is processed, so it is important to be aware of them and to be sure you have appropriate processes in place.
In the context of the EU, the flow of data is reliant on data adequacy, a status granted by the European Commission to countries outside the EEA that provide a level of personal data protection comparable to that provided in European law. At the current time:
- The EU has agreed to allow personal data to flow freely from the EU/EEA to the UK for 6 months from 1st January 2021 pending an adequacy decision.
- The UK had already agreed, on a transitional basis, that data flows from the UK to the EU/EEA can continue.