Print this page
Friday, 06 October 2017 17:15

Don’t Overlook This Aspect Of The GDPR

What Compliance Professionals Need to Know About Employee Data

The deadline for the General Data Protection Regulation (GDPR) is on the horizon, and a customer’s information is not the only thing that should be on a compliance practitioner’s radar. After all, the mishandling of an employee’s information can pose as much financial risk – therefore, it is important to understand the potential GDPR issues from extended rights and burden of proof to social media snafus and the need for defined policies.

Heads up: There’s more to the General Data Protection Regulation (GDPR) and GDPR compliance than meets the eye. That’s because the regulation — which takes effect on May 25, 2018 — doesn’t simply cover personally identifiable information (PII) belonging to the customers of corporate and government entities that are headquartered and/or do business in the European Union (EU). It also applies to employee PII which, as with customer PII, encompasses everything from telephone numbers to gender preferences.

Neglecting to address the employee PII aspect of the GDPR is not simply foolhardy; it puts organizations at risk for financial repercussions. EU authorities have a record of imposing penalties for noncompliance with mandates, as well as for doing so early on. Their approach to the GDPR will be no exception. But just as significant, in today’s economic climate, PII is increasingly viewed as a valuable commodity and as individuals’ personal property. Employees and former employees want control over this property and will undoubtedly capitalize on opportunities to gain it as afforded by the GDPR. Accordingly, it’s important to clarify key issues surrounding the GDPR and employee data.