The Impact of GDPR on Talent Mobility

The General Data Protection Regulation (GDPR) is recognized as the most important change to data privacy regulation in the European Union for the last 20 years. On May 25, 2018, the GDPR will come into effect and all non-compliant organizations may face heavy fines. This Insights article offers detailed information about the GDPR, main principles to keep in mind and support clients can expect to ensure data security.

Data Privacy: Past & Present

When the GDPR takes effect in May this year it will replace the data protection directive, which passed in 1995. The directive was the European Union’s answer to the diverse set of privacy regulations across the EU, harmonizing data privacy laws across Europe. Its primary purpose was to protect all EU citizens’ data privacy and reshape the way organizations across the region approached data privacy. However, it was still a directive, not legislation, which left some room for interpretation during the transposition of the directive into individual national law.

This fact, along with today’s rapidly changing data landscape, reinforced the need for another update, which led to the development of the GDPR. As a regulation, the GDPR will become an immediately enforceable law in all European Union member states.

The Main Principles of the GDPR

Many of the main principles on privacy remain from the previous directive; however, social media and cloud storage were not a reality in 1995. Modern technology was a large influencer in developing the regulation. The GDPR will update the standard to fit today’s technology, while also remaining general to protect the fundamental rights of individuals throughout future waves of innovation.

The following are five important elements of the GDPR:

1. The definition of personal data has expanded, encompassing any information related to a natural person, or ‘data subject’, used to directly or indirectly identify a person. It can be anything from a name, a photo, an email address, bank details, and posts on social networking websites, medical information, or a computer IP address.
2. Under the GDPR data must be “adequate, relevant, and limited to what is necessary.” Organizations must ensure that they collect only the data they need for each specific purpose of processing. Meaning, data can only be collected for a specific reason.
3. The “right to be forgotten”, or data erasure, entitles the data subject to have control over their information. Under the GDPR, organizations cannot retain personal data for a period longer than legitimately necessary. This includes data that is no longer relevant to original purposes for processing, or a data subject withdrawing their consent.
4. Organizations that have operations, which monitor data subjects on a large scale, are required to appoint a Data Protection Officer (DPO). The DPO must, among others:
  1. Have expert knowledge on data protection law and practices
  2. Must report directly to the highest level of management, e.g. Chief Executive Officer (CEO)
5. Notification by controllers to the supervisory authority of certain data breaches will be mandatory within 72 hours of breach awareness. Data processors will be required to notify their customers “without undue delay” after first becoming aware of a data breach.

What impact will GDPR have on the U.K. when it exits the European Union?

The British government supported the GDPR upon approval in April 2016, and before the country voted to terminate its EU membership. On May 25th 2018, when the GDPR will go into effect, the U.K. will still be an EU member, and will therefore be subject to the rules and regulation put forth by the legislation. Moreover, the British government has already proposed a new Data Protection Bill that will enshrine the basics of the GDPR in British law.

Nevertheless, the scope of GDPR extends to all companies holding data on EU citizens, regardless of where the business is based. This means that continued compliance with these rules is essential, if U.K. companies wish to carry on trading legally in Europe, even post-Brexit.

Ensuring Continuity of Service and Compliance

BGRS is committed to keeping personal information accurate, secure, and private. BGRS continues to align and implement our security controls with ISO 27001 to ensure consistency with industry recognized practices and processes. The GDPR will affect BGRS supplier contracts, client contracts, as well as mandating many complex updates to policies throughout the business. The following are just some of the steps clients should expect from their service providers:

Amending all existing supplier agreements to mandate compliance with all GDPR requirements
Cooperating with all client requests to update data protection provisions in client agreements
Compiling detailed personal data and subprocessor inventories
Updating all relevant policies
Completing a thorough review of all systems used to process personal data and making all necessary enhancements

Capitalizing on growth opportunities requires effective selection and deployment of the best talent.

A proactive and iterative approach to talent mobility program design drives stronger business performance.

Successful mobility programs are strategic to the business and attractive to employees while meeting bottom line goals.

Increasing complexity and more onerous regulations affecting talent mobility require enhanced internal controls and program management.

A well-coordinated and fully integrated supplier network is essential to ensure seamless and consistent employee experience.

A quality, seamless employee experience has a direct effect on the employee’s engagement, performance and retention.

Aligning the service delivery model to accommodate specific program requirements is crucial to a successful mobility program management.

We have the infrastructure necessary to provide innovative solutions for processing, disbursing and reporting mobility related spend.

Managing relocating employees’ expenses gives us a unique ability to streamline compensation delivery, ensure compliance and accurate reporting for tax returns.

We maximize our clients’ investment by leveraging purchasing power, driving service excellence and compliance throughout the supply chain.

We partner with clients to help them strategically optimize and implement their mobility programs.

We assist our clients with assessing the impact of group moves and deliver solutions minimizing business disruption and potential loss of talent.

As an end-to-end service provider, we are in a unique position to provide management reporting, analytics and recommendations based on clients’ specific program criteria.

Successful assignments are dependent on selecting the right person and ensuring they have the intercultural competence to succeed.

We combine deep subject matter expertise, best-in-class supply chain and industry leading technology to deliver tailored solutions aligned with the latest regulatory requirements.

Our mobility Consultant will manage the entire relocation lifecycle from pre-decision assessment to repatriation and reintegration.

Our mobility Consultant will manage the entire relocation lifecycle from the pre-decision assessment through the home sale and home finding support.

Articles at the intersection of Talent and Mobility, demonstrating the power of mobility and its potential to drive business performance.

Questions & Answers with BGRS leaders about our deep regional and sector expertise.

Market survey-based features profiling a strategic shift in organizations’ thinking about how talent mobility is managed.

Partnering with our clients to optimally deploy their talent and transform employee experience is at the heart of everything we do.

BGRS’s leaders perspectives about key mobility trends and the solutions we develop to support our clients’ talent mobility programs.

We partner with our clients to craft and implement talent mobility strategies that empower them to attract, retain and develop top performers.

BGRS at a glance.

We are an empowered team of professionals dedicated to our clients’ success.

BGRS news, announcements, events and media coverage.

We are recognized for our ideas, shared service commitment and industry foresight.

We recognize the power of giving back - we strive to make a positive difference for the communities where we work and live.