Benefit Claimants Protected by The GDPR

As of 2018, every organization that does business in the EU will have to meet new data protection rules, or pay a steep fine. Compliance requires precise knowledge of the data you store and process, and the right data management policy across your organization.

The GDPR aims to protect citizens of the European Union (EU) from privacy and data breaches. This includes mandatory notifications of data breaches within a 72-hour period where a breach is likely to result in a risk for the rights and freedoms of an individual. Subjects will also have the right to obtain confirmation as to whether their personal data is being processed, where and for what purpose.

The legislation applies to organisations within the EU, as well as organisations that are outside of the EU but offer goods or services to EU data subjects or that monitor the behaviour of EU data subjects. It also applies to organisations that hold or process the personal data of subjects residing in the EU.

Penalties for non-compliance include a fine of up to 4% of annual global turnover or €20 million.

The UK’s decision to leave the EU is not expected to affect the commencement of the GDPR in 2018.

Helen Hall, legal director in the employment and pensions team at law firm DLA Piper, said: “Once the GDPR is in force, the regulator will require organisations to demonstrate how they’re complying. This is not a tick-box exercise, the legislation requires a change of approach and culture, and it requires privacy to be woven into the heart of the employment life cycle. Preparation will entail extensive data mapping, gap analysis, and documentation.

“The first challenge is where this fits in an organisation: lots of organisations don’t have data privacy specialists and even if they do they don’t have the employment law understanding needed to assess legitimate use of HR data. It’s not solely legal or compliance but not purely HR either. Organisations need to be joined up in their approach in order to address the different facets to the issue.

“Another key challenge is budget: lots of HR departments are aware of this issue but don’t have the budget to take it forward. Equally, there are situations where awareness within HR departments is still low or they don’t yet appreciate the potentially significant practical impact on day-to-day HR operations.”