With only 12 months until the new EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018, employers should start taking steps now to ensure compliance.
The GDPR will affect every business that processes the personal data of EU residents, including:
- Every employer in the EU
- All businesses that offer goods or services to individuals in the EU or that monitor their behaviour, including companies that have no presence in the EU (because the GDPR will have extraterritorial effect)
- All businesses that process the personal data of EU individuals on behalf of other businesses
The consequences of getting things wrong could be significant, with fines of up to €20 million, or 4% of global turnover, whichever is the higher.
To assist employers, we have put together a "GDPR Employment Compliance Timeline", which highlights the main steps that employers should be taking now to meet next year's deadline, providing average time estimates for each step of the process.
If you have any questions about what your organisation should be doing to ensure compliance, please speak to your usual Labour & Employment contact or a member of our global Data Privacy & Cybersecurity team.
We will soon be running a webinar on the implications of the GDPR for employers, so do keep an eye out for the invitation as well.