GDPR Related National Laws & Modifications
The European Union’s General Data Protection Regulation, going into effect May 25, 2018, sets a common standard for protecting personal data across the EU. It also allows member nations some flexibility to create additional provisions and limitations. Some examples, which may impact HR teams, include the ability for EU member states to:
- provide “specific rules to ensure the protection of…employees’ personal data in the employment context” (Art. 88);
- limit the transfer of “specific categories of personal data to a third country or international organization” if the country (or international organization) is deemed not to have adequate protections in place (Art. 49, (5)); and,
- “determine the specific conditions for the processing of a national identification number or any other identifier of general application” (Art. 87).
Derogations in Portugal
EU member nations are reviewing their current Data Protection Policies in advance of the GDPR going into effect. Portugal issued a draft Bill in March 2018 which will likely be revised and finalized before May 25, 2018.
The Bill, as it stands will require some revision as it could create inconsistencies and questions in a few areas within the context of employment. For example, employee consent would only be allowed in cases where there would be no economic or legal benefit to the employee, and when processing is not required to perform a contract where the data subject is a party. There would also be limitations in terms of biometrics (limited to office access and attendance). Data-transfers between related organizations would also be limited if the Bill proceeds in its current form (Coelho Ribeiro e Associados, GDPR Draft Bill in Portugal, April 2018).
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.