The GDPR has a big impact on Global mobility departments. Highly sensitive personal data of employees and their family is collected, processed, transferred across borders and shared with third party service providers by a Global mobility department. On May 25, 2018, the General Data Protection Regulation (GDPR) has entered into force. From that date, all EU and foreign organisations that process personal data in the EU must comply with the GDPR. The GDPR brings considerable changes.
The GDPR applies not only to companies that are located in the EU. The GDPR applies to all companies - regardless of their location - if they conduct business in the EU and in the process of conducting business, store and/or process personal information about people that are residing in the EU.
Personal data in the meaning of the GDPR is any information related to a person that can be used to directly or indirectly identify the person. It can be anything from a name, photo, email address, medical information or a computer IP address.
Special rules apply to personal data that is transferred outside the EU to the following countries: Norway, Liechtenstein, Iceland, Andorra, Argentina, Canada, Faeroe Islands, Guernsey, Israel, Isle of Man, New Zealand, Switzerland, USA and Uruguay.
Complying with the rules of the GDPR means that the Global mobility function must:
Grant Thornton has put together a multidisciplinary team, which works with your Global mobility function, to review your organisation's operational readiness or compliance with the GDPR. This team consists of:
For more information, please contact .