adam121 - Fotolia
In this podcast, an HR tech expert discusses how GDPR rules governing employee and personal data for the European Union require all companies doing business in the EU to comply.
GDPR employee data protections set to take effect in May 2018 require U.S. and other foreign-based HR tech vendors doing business in the European Union to comply with far-reaching data privacy, portability and rights rules.
As Cliff Stevenson, HR tech analyst at the Brandon Hall Group, points out in this podcast, the General Data Protection Regulation applies not only to vendors, but also to employers' HR departments and systems.
GDPR employee data rules essentially "protect EU citizens and those citizens' digital rights," Stevenson says in the podcast.
The GDPR "affects tech vendors and anyone working in that space because, if you have any EU citizens, regardless of who they are, these protections are designed to cover them," Stevenson notes.
Cliff StevensonBrandon Hall Group
Large employers that use human capital management (HCM) software from some of the larger vendors should look to the vendors for guidance about how to be GDPR-compliant, Stevenson says.
HCM vendors, including Workday, SAP and others, have been gearing up for the GDPR, which, as Stevenson notes, dramatically stiffens enforcement of the existing EU Data Protection Directive.
In the podcast, Stevenson touches on the GDPR's "right to be forgotten," the data privacy concept that is central to the GDPR.
In the HR context, it means that, "after you are no longer an employee, your records need to be removed, if requested," Stevenson says.
One of the ways the GDPR makes the right to be forgotten possible is by stipulating that employee personal data must be able to be separated from the employer's general record so it can be deleted.