On 25 May 2018, the General Data Protection Regulation (GDPR) will come into force, reshaping the way organisations approach data privacy.
What is the GDPR and why is it coming into effect?
The GDPR replaces the Data Protection Directive 95/46/EC and harmonises data privacy laws across Europe.
The regulation applies to all EU organisations, as well as organisations based outside the EU that collect or process the data of EU residents. For UK organisations, it is also important to recognise that the UK government has confirmed that the GDPR will be incorporated into UK law, even when the UK exits the EU.
Provision of global mobility services requires the collection and processing of personal and sensitive data every day. So, what does the GDPR mean for global mobility?
The GDPR and global mobility
The finer details of the legislative requirements are complex and overwhelming. Put simply, the global mobility industry is required to:
- Securely store personal and sensitive data under automatic full encryption to prevent unauthorised access and loss
- Ensure the transfer, usage and transmission of all personal and sensitive data is secure
- Monitor the usage, transfer and transmission of all personal and sensitive data
- Gain consent from assignees and provide for the right to have data erased
What is Sterling doing?
To ensure our compliance with the new regulations and to demonstrate our commitment to the security of our clients’ data, Sterling has a dedicated internal task force, which includes GDPR champions and our Legal team, updating our policies and processes with new rules that reflect the GDPR’s requirements.
These include (and are not limited to) the implementation of processes to:
- Obtain affirmative consent for processing personal and sensitive data, including sharing necessary data with our global supply chain, from not just our assignees but also their spouses and dependants
- Ensure a clear “Request to forget” process
- Limit the amount of personally identifiable information we process and store
- Schedule mandatory data protection assessments
Our GDPR task force is advised by external GDPR experts who will endorse our revised processes upon completion.
Look out for more updates about how Sterling will be GDPR compliant by 25 May 2018.