GDPR

Impact of the GDPR on your Global mobility function

John Boer John Boer

The GDPR has a big impact on Global mobility departments. Highly sensitive personal data of employees and their family is collected, processed, transferred across borders and shared with third party service providers by a Global mobility department. On May 25, 2018, the General Data Protection Regulation (GDPR) has entered into force. From that date, all EU and foreign organisations that process personal data in the EU must comply with the GDPR. The GDPR brings considerable changes.

What you should know about the GDPR

The GDPR applies not only to companies that are located in the EU. The GDPR applies to all companies - regardless of their location - if they conduct business in the EU and in the process of conducting business, store and/or process personal information about people that are residing in the EU.

Personal data in the meaning of the GDPR is any information related to a person that can be used to directly or indirectly identify the person. It can be anything from a name, photo, email address, medical information or a computer IP address.

Special rules apply to personal data that is transferred outside the EU to the following countries: Norway, Liechtenstein, Iceland, Andorra, Argentina, Canada, Faeroe Islands, Guernsey, Israel, Isle of Man, New Zealand, Switzerland, USA and Uruguay.

How can a Global mobility function comply with the GDPR?

Complying with the rules of the GDPR means that the Global mobility function must:

  • Formulate a global Data Protection policy (or ensure a link with the companywide policy).
  • Build a robust organisation to prevent data protection issues.
  • Build processes to respond to possible future incidents around the globe.
  • Build a process to detect possible data protection issues or leaks before they occur.

Are you in need of assistance to comply with the GDPR?

Grant Thornton has put together a multidisciplinary team, which works with your Global mobility function, to review your organisation's operational readiness or compliance with the GDPR. This team consists of:

  • Global mobility advisors who speak the language of International mobility and have in-depth knowledge of the data processed and the activities and processes within a Global mobility department, supported by;
  • Legal advisors with deep knowledge of the legal and practical aspects of the GDPR and how these impact sending employees and their families on cross border assignments.
  • IT consultants with extensive experience of implementing and auditing IT systems with respect to data protection requirements.

For more information, please contact our Global mobility advisors.

Related articles