Press enter to see results or esc to cancel.

Check out Pacific Prime’s latest GDPR and Employee Benefits Flyer!

Employee benefits are offered as a perk by companies to attract their employees to join their organization. Providing employees benefits is a win-win for both sides, so what could possibly go wrong? Failure to comply with regulations, such as the General Data Protection Regulation (GDPR), can lead to hefty consequences as we will explain below.

The GDPR was put into effect on May 2018 and has been an ongoing regulation ever since. It was implemented to allow citizens of the EU and EEA to have greater control over their personal data. To further understand the GDPR and how it affects your company’s employee benefits plan, check out our brand new GDPR and Employee Benefits flyer or download Pacific Prime’s GDPR and Employee Benefits guide today. Alternatively, read on to learn more about the main points covered in our new flyer.

The main purpose of the General Data Protection Regulation (GDPR)

The main purpose of the GDPR is to protect personal data and to give citizens of the EU and EEA more control over their personal data. The regulation mainly applies to organizations that hold and store personal data of citizens in the EU and EEA. However, it is not necessary for an organization to be part of the EU or the EEA to comply with this regulation. For example, if you currently employ a European citizen, this in most cases already makes your organization liable to follow the GDPR.

The regulation makes sure that organizations use proper channels and methods to send and receive personal information, thus avoiding leaks. This also applies to both clients and employees within the organization.

GDPR and employee benefits

Processing the data

It is essential to handle personal data with care, therefore processing it for any reason should be done the proper way. Proper channels need to be used for sending the data and the right encryption needs to be in place. On top of that, it is also dangerous to send personal data of employees to several different places.


By offering employee benefits, organizations have made themselves responsible for the data collected. Under the regulation, offering employee benefits makes the organization a data collector, therefore it bears all the responsibility should anything go wrong. For example, a mistake made from a third party employee benefits provider also makes the organization liable.

GDPR fines

If organizations fail to comply with the GDPR, they are liable to pay a hefty fine. The fines are further broken down into two different categories: upper level and lower level.

The upper-level fine is for those who have committed serious actions against the GDPR regulation, which will make them liable to a €20 million fine, or 4% of the organization’s worldwide annual revenue. There were a number of high profile cases recently involving mammoths like Google being hit with upper-level fines, which we will address in greater detail below.

The lower level fine is for minor actions against the GDPR. The fine is €10 million, or 2% of the organization’s worldwide annual revenue.

Minimizing the risk


It is vital that an organization is completely transparent when it comes to collecting and processing personal data. By not doing so it sends a signal that the organization might be bending regulations. For example, Google was recently hit with a €50 Million fine by French data regulator CNIL as they failed to be transparent when it came to their data. On top of that, they made it hard for regulators to go through their data by scattering information across different documents. The regulators also added:

                 “Users are not able to fully understand the extent of the processing operations carried out by Google.

Restructuring the employees’ contracts

Another way to minimize risk is to restructure the contracts of employees. This can be done by splitting contracts between EU/EAA employees and non-EU/EEA employees.

Contact us

Being a GDPR-compliant employee benefits provider, Pacific Prime can offer guidance on how to stay compliant with the GDPR. On top of that, we have also compiled a ‘GDPR and Employee Benefits Guide’ which you can download for free. Using this guide, you will get a clearer idea of how to stay within the regulations set forth by the GDPR.

Contact Pacific Prime today for impartial advice on your employee benefits plan, or head over to our website to check out our GDPR Employee Benefits flyer and download your free copy of the GDPR Employee Benefits Guide.

Content Creator at Pacific Prime
Karoon is a content creator who strives to represent Pacific Prime's goal of simplifying insurance.

An enthusiastic writer and a core part of our team of health insurance experts, Karoon tackles every topic with the aim to make it as informative and simple as possible.