A recent survey conducted by PORT.Im has revealed that 55% of UK corporations are unaware of the imminent introduction of GDPR.
The General Data Protection Regulation (GDPR), passed in April 2016 and enforceable as of May 2018, is being brought in by the European Parliament to provide increased levels of security and accessibility for all personal data held on citizens of the EU.
Corporations using such personal information have been shouldered with strict new measures of responsibility.
GDPR guidelines include:
- Increased security requirements
- New regulations surrounding transparency of usage
- Tighter forms of appropriate consent
- Higher standards of practice when sharing data
Ajit Basi, Head of Information Security at Gerson Relocation parent company AGM Group, said: “Many companies have not even started the preparation process, believing that GDPR will not affect them. However, this is a major oversight and enormous risk. With no control framework in place, the ability to demonstrate compliance will become very difficult.”
Failure to demonstrate such compliance can result in huge penalties, equal to 4% of a company’s turnover or €20 million – whichever figure is higher.
Mark Costa-Rising, Group Sales & Marketing Director of AGM Group/Gerson Relocation, acknowledges that the risks of non-compliance are significantly increased when international mobility projects are involved.
He said: “Businesses operating international mobility programs need to carefully consider the impact of the GDPR. Those ignoring the regulations are putting current and future global mobility projects in jeopardy. International moving often requires high volumes of data transferal and sharing with third parties, increasing the chances of potential GDPR breaches.
“The key to avoiding problems is immediate action. Any corporation mobilising European Union citizens must start to shore up their data protection and privacy policies in relation to the GDPR. They must also ensure they only work and share data with international businesses that also follow these policies.
“As the acquiree of the data, they are responsible for ensuring it remains secure. Moving a worker out of the EU does not mean the GDPR laws no longer apply to them, and no company can escape their new liability.”