The General Data Protection Regulation is a transformative set of rules, one that due to its nature reaches far beyond the areas where it is directly enforceable. Let's look at what GDPR is and how this regulation, developed within and for the European Union and European Economic Area, has had a global impact on the relocation industry.
What is GDPR?
GDPR is a law focused on digital data privacy for EU citizens, increasing protections around how their personal information is stored and shared by businesses and organizations online. CNET pointed out that the law made a number of changes from the last time the EU addressed data protection via law, which occurred in 1995. Considering the significant advances made over the past two decades in how businesses digitally gather and use the personal data of individuals, such an update doesn't seem particularly surprising.
The main thrust of the law requires organizations to take a broader view of the concept of personal data, as well as maintain relatively detailed records about how the data is stored. GDPR empowers individuals by forcing businesses to comply with requests to modify, delete, limit use of or share available data, and requiring prompt notifications to go out in the event of a data breach. This is a major shift for companies that didn't face these strict requirements in the past, requiring significant time and effort be spent developing compliant procedures as well as maintaining them. CNN Business said the underlying concept of GDPR is privacy by default, a shift from previous attitudes that were more permissive about data collection, storage and use.
The European Parliament approved the law in 2016 and gave businesses roughly two years to come into compliance with it before enforcement efforts started. Since May 2018, companies that do business in the EU - even if based and primarily operating in a country not covered by EU laws - have had to deal with the GDPR as an active measure that carries significant penalties for noncompliance.
Why is GDPR important for the relocation industry?
While GDPR is focused on citizens of the EU and developed by the European Parliament, its structure and the global nature of business in the 21st century mean companies outside the EU have to comply with it as well. For companies in the relocation industry, which often has to cross international borders and interact with potentially global audiences, it's an especially important consideration.
Our 52nd annual Atlas Corporate Relocation Survey looked at the influence of GDPR on businesses in general in the context of relocating employees and found some important points to take into account. One in 10 businesses is outsourcing its GDPR and data privacy compliance functions, with that ratio being nearly one in five among large businesses. Companies recognize the importance of aligning with the GDPR rules as well as the specialized experience and knowledge needed to do so effectively.
Businesses need to be sure that any relocation involving moving an employee to or from a country that's covered by GDPR rules is a compliant effort, including any and all relocation companies they work with. Atlas has taken a leading position on this concern, maintaining secure controls over all data, as well as monitoring and addressing legal and regulatory requirements related to it. Making sure we serve clients and partners in a way that recognizes and complies with GDPR and all other applicable digital data and privacy rules going forward is a vital consideration. With the possibility of similar laws arising in other countries, a deep understanding of this law and any other, similar efforts is critically important.