Home Nachrichten Newsflash 2017 Newsflash 06.06.2017

Newsflash 06.06.2017

Achtung, öffnet in einem neuen Fenster. DruckenDrucken

General Data Protection Regulation: the countdown has begun, including for employers!

The General Data Protection Regulation (hereinafter referred to as “the GDPR) of 27 April 2016 will come into force on 25 May 2018.

More severe sanctions will be incurred if the new provisions are breached: the CNPD may impose administrative fines of up to 4% of the total annual international turnover of a company responsible for a breach of the obligations laid down by the GDPR.

It is therefore well worth employers reviewing the processes and procedures they use to manage human resources so that they any necessary changes are introduced by 25 May 2018.

With this in mind, an update to – or the introduction of – appropriate documentation and procedures (e.g. factsheets, contractual clauses, IT guidelines, codes of conduct etc.) is essential to guarantee compliance with the new regulatory requirements, which include: 

˗     The obligation for the employer to report data breaches to the CNPD within 72 hours of finding out about the breach (e.g. change to the procedures for reporting the loss/theft of smartphones or work computers, changes to contracts with providers of outsourced HR services such as payroll services etc.). 

˗     The obligation to inform the individuals involved: it is essential to make sure that the information provided to staff contains all the data required by the new regulation, such as details of the employee’s right to complain to a supervisory authority, the period for which data is kept (or the criteria used to determine that period), and information about the employer’s intention to pass on the data to a third party. 

˗     Keeping a record of processing activities, which will be compulsory in businesses with at least 250 employees or when the processing involves data relating to criminal convictions and offences (e.g. carrying out criminal record checks on applicants/employees).

The Legislator may need to specify, or potentially limit, the scope of some of the provisions of the GDPR in national legislation. So far, no bill has been tabled.

CASTEGNARO is delighted to be able to present the video put together by the international alliance, Ius Laboris, which illustrates the main challenges of the GDPR for employers.

https://www.Ius Laboris - The EU General Data Protection Regulation