HR Documents Provide Compliance Safeguard in Line with Approaching GDPR

Harris Beach PLLC
Contact

As employers continue to prepare for compliance with respect to the European Union’s (“EU”) new overarching data privacy law, the General Data Protection Regulation 2016/679 (“GDPR”), employers are reminded to take necessary steps to protect Personal Data of citizens within the European Economic Area, most especially if such data is to be transmitted to the United States.  For a background on what constitutes Personal Data and other basics of GDPR compliance, including consequences for non-compliance, see our previous Legal Alert and video.

Among the mandates of GDPR are: (a) providing at-length written notice to data subjects, as well as obtaining their consent to the collection and transfer of their information, and (b) ensuring all transmissions to the U.S. are covered by an EU-recognized method for assuring compliance with minimum protections – most prominently the execution of prescribed Model Contractual Clauses or formal membership in the Privacy Shield program run by the U.S. Department of Commerce’s International Trade Administration.

Updating Employee Handbooks, Policy Manuals, or similar human resources documentation is a convenient and effective way to meet the requirements for providing notice and securing consent from data subjects who are EU employees of a domestic business, or of a local company’s offshore subsidiary or affiliate.  If employment application data, job performance data, payroll details, and other types of data of such persons are in any way available to a U.S. parent company, then the company needs to “cover” those regular cross-border transmissions of Personal Data under the GDPR.

International transmissions to the U.S. also will need to be covered by an EU-recognized mechanism, even where those transmissions are from one EU-based corporate affiliate to its parent or other related company in the U.S.  Most employers opt for executing Model Contractual Clauses between affiliate companies to achieve this, minimizing the legal risk of future allegations of non-compliance.

Employers should update their employee handbooks, disseminate the required notice, and obtain the required consents ideally before the May 25, 2018 effective date, or as reasonably soon thereafter to ensure compliance in as timely a manner as possible.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Harris Beach PLLC | Attorney Advertising

Written by:

Harris Beach PLLC
Contact
more
less

Harris Beach PLLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide