Chapter 6

A Global Perspective

  • Meet the ADP Expert

    Cécile Georges
    Global Chief Privacy Officer

    GDPR is high on the HR compliance agenda – who does it affect?

    “For multinational companies, much of the complexity around data protection comes from having to deal with differing legal systems and regulations in different countries.”

    The EU General Data Protection Regulation (GDPR) reshapes the way organizations must approach the privacy of EU citizens’ data. It’s not just EU-based organizations that are subject to the rules of GDPR—any organization that processes the data of EU citizens must abide by the regulation. So from an HR perspective, that means any company that employs EU data subjects.

    The penalties for non-compliance could be huge (up to four percent of annual global turnover or €20 million — whichever is greater). The fines may not end up going to the maximum, but they could be high. So GDPR is top of mind for business leaders all over the world. For multinational companies, much of the complexity around data protection comes from having to deal with differing legal systems and regulations in different countries — and from transferring data between regions.

    How can organizations make sure they’re compliant with data privacy and protection regulations?

    “If there are cases where one region has regulations that are more or less strict than others, the simple guiding principle is to meet the most stringent demands.”

    Well, at ADP — as an employer over 55,000 people in dozens of countries — we face these challenges like any other multinational business. To manage this complexity, we decided to implement binding corporate rules, which allow multinational companies or groups to make compliant intra-organizational transfers of personal data between regions.

    Implementing rules like these helps organizations to maintain a consistent level of compliance, and to bring some uniformity to a complex global picture. It enables you to eliminate discrepancies. And if there are cases where one region has regulations that are more or less strict than others, the simple guiding principle is to meet the most stringent demands.

    What advice would you give to leaders who are worried about data protection?

    “It’s an opportunity for you to focus even more on the principles of data protection that have served organizations for years.”

    GDPR sounds scary but it pays to remember that it’s an enhancement of existing rules. So it’s an opportunity for you to focus even more on the principles of data protection that have served organizations for years. Principles like transparency—being open and clear about the types of data you have on your employees and the ways it’s used. And data minimization—being prudent in the collection and retention of data, so you get what you need and no more.
    Example of Excellence
     

    Handling GDPR shouldn’t be a headache. Our website shows you the latest developments and how to stay on the right side of the new rules.