HRO Today Global Summer 2017 - 35

Risk and Compliance
It's fair to say that the GDPR is really a set of global data
protection regulations, as most businesses these days-
even small and midsize ones- are powered by cloud
computing, deploy mobile devices, and do business with
European partners or customers at some point during the
year.
The real question, however, is whether companies are
prepared for the change. A Dell survey found that small
businesses, midsize businesses, and large enterprises
all lack general awareness of the requirements of the
new regulation. The same survey also showed that most
businesses don't know how to prepare for it and are
unfamiliar with the impact of non-compliance on data
security and business outcomes. In fact, more than 80 per
cent of global respondents knew few details or nothing at
all about the GDPR.
Here are four factors HR needs to consider surrounding
compliance.
1. Fines can be hefty. With just 11 months left to prepare,
organisations can't afford to be indifferent-literally.
Failure to comply with the GDPR can trigger on-site
investigations and fines up to 20 million euros or four
per cent of a company's worldwide revenue, whichever
is higher. Companies can also face private claims for
compensation from affected individuals. Regulatory
agencies can also impose sanctions such as compliance
orders or a full stoppage of personal data processing.
2. Get ready for more accountability. The GDPR signifies
a shift away from companies filing their data processing
with data protection authorities, which are responsible
for assessing whether or not the data processing was
compliant. Now, each company will have to proactively
conduct this assessment itself and demonstrate and
document their compliance with GDPR through records
of HR data-processing activities. They will also have to
perform a data protection impact assessment on their
high-risk projects, document their data protection
measures, and appoint data protection officers when
required.
3. Compliance with cross-border data transfers is a must.
Cross-border data transfers affect any organisation
that needs to transfer personal data out of the EU, so
companies that use cloud-based services, remote-access
services, or global HR databases will need to think about
the mechanisms they're going to use to legitimise their
data transfers.
One of the main objectives of the GDPR is to make
international data transfer easier. In a nutshell, the data
center doesn't necessarily have to be EU-based. Rather,
the GDPR offers alternatives and removes administrative
barriers to data transfers by no longer requiring prior
authorisation from the data protection authorities when
standard data transfer mechanisms are used. Companies
that carry out international data transfer will now have a
choice when it comes to complying with the GDPR: They
can opt for the standard model clauses issued by the
European Commission, limit their data transfer to countries
that provide an adequate level of protection according
to the European Commission, or legitimise such transfers
through the mechanism of binding corporate rules (BCRs).
Consider BCRs. BCRs are policies developed internally by a
group of companies. They provide the group with one set
of rules for protecting the personal data of employees and
another set of rules for clients and other individuals with a
high standard of protection. Once the BCRs are approved
by the EU data protection authorities, companies can use
them to carry out personal data transfers without having
to go back and seek authorisation each time.
BCRs also simplify the data transfer process into a natural
extension of existing corporate compliance policies and
procedures, and they show that commitment to protecting
clients' and employees' personal data to the highest
standards required in the EU.
When gearing up for compliance with the GDPR,
remember this: It's best to think of the regulation as a
continuous process rather than a one-off task or box to
be ticked. It's a long journey but one that presents a real
opportunity for HR departments to move from the back
office to the boardroom. According to IDC®, 75 per cent
of HR leaders are using the GDPR as a catalyst for turning
their human capital management (HCM) technology into
a tool for real business transformation. Now's the time
to assess existing HR service providers-their financial
strength, stability, and capacity to comply with the
GDPR. Armed with the right partner, HR leaders will be
better able to serve as strategic business partners who
can pinpoint the potential costs and risks to the business
associated with non-compliance-whether those costs
are financial, reputational, or damaging to morale and
employee engagement.
Cecile Georges is the chief privacy officer at ADP.
SUMMER 2017 | www.hroglobal.com
[35]
http://www.hroglobal.com

HRO Today Global Summer 2017

Table of Contents for the Digital Edition of HRO Today Global Summer 2017

HRO Today Global Summer 2017 - 1
HRO Today Global Summer 2017 - 2
HRO Today Global Summer 2017 - 3
HRO Today Global Summer 2017 - 4
HRO Today Global Summer 2017 - 5
HRO Today Global Summer 2017 - 6
HRO Today Global Summer 2017 - 7
HRO Today Global Summer 2017 - 8
HRO Today Global Summer 2017 - 9
HRO Today Global Summer 2017 - 10
HRO Today Global Summer 2017 - 11
HRO Today Global Summer 2017 - 12
HRO Today Global Summer 2017 - 13
HRO Today Global Summer 2017 - 14
HRO Today Global Summer 2017 - 15
HRO Today Global Summer 2017 - 16
HRO Today Global Summer 2017 - 17
HRO Today Global Summer 2017 - 18
HRO Today Global Summer 2017 - 19
HRO Today Global Summer 2017 - 20
HRO Today Global Summer 2017 - 21
HRO Today Global Summer 2017 - 22
HRO Today Global Summer 2017 - 23
HRO Today Global Summer 2017 - 24
HRO Today Global Summer 2017 - 25
HRO Today Global Summer 2017 - 26
HRO Today Global Summer 2017 - 27
HRO Today Global Summer 2017 - 28
HRO Today Global Summer 2017 - 29
HRO Today Global Summer 2017 - 30
HRO Today Global Summer 2017 - 31
HRO Today Global Summer 2017 - 32
HRO Today Global Summer 2017 - 33
HRO Today Global Summer 2017 - 34
HRO Today Global Summer 2017 - 35
HRO Today Global Summer 2017 - 36
HRO Today Global Summer 2017 - 37
HRO Today Global Summer 2017 - 38
HRO Today Global Summer 2017 - 39
HRO Today Global Summer 2017 - 40
https://www.nxtbook.com/sharedxpertise/sharedxpertise/2024-hro-today-emea-march-april
https://www.nxtbook.com/sharedxpertise/sharedxpertise/2024-hro-today-emea-january-february
https://www.nxtbook.com/sharedxpertise/sharedxpertise/2023-hro-today-emea-september-october
https://www.nxtbook.com/sharedxpertise/sharedxpertise/2023-hro-today-emea-july-august
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-emea-november-december-2019
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-emea-may-june-2019
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-emea-july-august-2019
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-emea-september-october-2019
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-emea-march-april-2019
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-apac-september-october-2019
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-winter-2019
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-apac-november-december-2019
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-apac-may-june-2019-mandarin
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-apac-july-august-2019
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-apac-march-april-2019-mandarin
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-may-june-2019
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-spring-2018
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-autumn-2018
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-apac-2018
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-winter-2018
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-summer-2018
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-autumn-2017
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-winter-2017
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-summer-2017
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-spring-2017
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-apac-2017
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-winter-2015
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-summer-2015
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-spring-2015
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-autumn-2015
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-summer-2014
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-spring-2014
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-autumn-2014
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-winter-2016
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-summer-2016
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-autumn-2016
https://www.nxtbook.com/sharedxpertise/sharedxpertise/hro-today-global-spring-2016
https://www.nxtbookmedia.com