The General Data Protection Regulation (GDPR) was first proposed in 2012; however, it was not enacted by the European Union (EU) Parliament and Council until December 2016. It became effective on May 25, 2018. The GDPR puts forward a policy for data protection with enhanced obligations for businesses, and its jurisdiction is global. The GDPR applies to any company (no matter its location) that deliberately offers services or goods to the European Union, or that monitors the behavior of people within the EU.
An emphasis is placed on consent, data portability, and required breach notifications, which will change how businesses handle sensitive data. The regulation also requires the business to have a “data protection officer” who would be responsible for implementing and complying with the GDPR.
The main purpose of the GDPR is to harmonize data privacy laws across Europe and to safeguard all EU citizens’ personally identifiable information across the region. The GDPR replaces the Data Protection Directive (officially Directive 95/46/EC) approved in 1995. This European Union ordinance controls the administering of personal data within the European Union. It is a vital element of EU privacy and human rights law.
The law applies if the data controller (an organization that acquires personally identifiable information from European Union residents) or processor (an entity that processes data for a controller), and/or the data subject (individual), is located in the EU. Additionally, the regulation applies to employers located outside of the EU that process or collect personally identifiable information from people located in the EU.
The European Commission has determined the following to be considered personally identifiable information:
Just as in the U.S., employers must certify a permissible purpose to collect consumer data. The GDPR requires similar types of permissions for organizations in the European Union, such as:
Employers must demonstrate compliance with the GDPR by implementing data protection by design and by default. Article 25 requires data protection measures to be designed into the development of business processes for products and services. If employers are hiring and employing individuals located in the EU, they must adhere to the new regulation, especially when it comes to the background screening process. If an employer utilizes a third-party vendor to conduct their background screening report, they should ensure the vendor complies with the new standard as well.
One out of every six crimes occurs in the workplace and homicide is the second leading cause of workplace death in the U.S.
National Credit Verification Service reports that 25% of the MBA degrees it verifies on resumes are false.
72% of shrinkage is due to employee theft.
34% of all job applications contain lies.
30% of small business failure is caused by employee theft.