10 April 2015 - Post by: Inge Vanderreken
Data protection rules are being tightened to protect the privacy of consumers and employees across the world. In Europe, a new Regulation is being drawn up, which is backed up with the threat of significant financial penalties and criminal sanctions. The ECJ is also bolstering the right to data protection by giving individuals enhanced control over their personal data via the right to be forgotten (following on from the Google case).
The new Regulation is still in draft form. There is political pressure to finalise it in 2015, but negotiations between the EU Council, Parliament and Commission could well spill over into 2016. Companies will then have around two years before it comes into force, taking us to 2017 or potentially 2018.
Nevertheless, with significantly higher fines and tighter controls in prospect, employers should start preparing for the new regime now. In order to ensure they remain compliant but also to maximise the potential of data at their disposal, employers could already:
- audit all data-processing practices affecting EU-based employees;
- prepare to comply with the “right to be forgotten”;
- plan the Data Protection Officer appointment;
- adjust existing compliance management schemes to reflect the increased importance of data privacy;
- introduce staff training programmes as a compliance and enforcement risk mitigation tool;
- consider and/or update data security measures and breach notification procedures; and
- conduct a data protection health check of core HR policies.
In addition to getting ready to comply with a stricter and systematically different regime, employers must not lose sight of the bigger prize that is on offer to them if they put data to use in innovative ways, in particular the huge potential of HR Big Data analytics.
We encourage you to read our publication on this topic by clicking here to get a more in-depth overview.