Introducing our brand new GDPR and Employee Benefits guide
The GDPR (General Data Protection Regulation), which came into effect in May 2018, is by far one of the most widely known data protection laws to date. Its ultimate goal is to give citizens of the EU and EEA greater control over their personal data, and within it, there are wide-reaching changes and implications for businesses that deal with personal information – including employers that provide employee benefits.
The risks of non-compliance with the GDPR can be financially devastating, potentially leaving organizations having to pay fines of up to EUR 20 million or 4 percent of their global annual turnover. Consisting of 88 pages and 99 articles, the full regulation is a lengthy read, so our team has taken the liberty of condensing the provisions most pertinent to organizations offering benefits packages into our brand new GDPR and Employee Benefits guide. Download it today, or read on to learn more about our latest corporate insurance resource.
Inside our GDPR and Employee Benefits guide
As of May 25, 2018, those that are not compliant with the GDPR can expect hefty penalties. Companies affected by the regulation should therefore ensure that their cyber security and compliance strategies fully meet the GDPR’s requirements.
This is a significant undertaking, especially for organizations that are not based in the EU and are unsure about whether they need to be compliant. As such, our brand new GDPR and Employee Benefits guide, which was curated by our team of corporate insurance experts, drills into the most important aspects of the regulation in an easy-to-digest way. The guide answers the following questions:
- To whom does the GDPR apply?
- What key GDPR terms do I need to know?
- What are the penalties for non-compliance?
- What are its implications for HR and employee benefits?
- How can your company mitigate GDPR risks?
In this article, we will provide a brief rundown of the in-depth answers to the above questions contained within our GDPR and Employee Benefits guide.
To whom does the GDPR apply?
Non-EU businesses may believe that the regulation does not apply to them. Simply put, it may. The regulation applies to data controllers and data processors (definitions below) that are either located in the EU/EEA, or located outside the EU/EEA but offer goods or services to, or monitor the behavior of, European residents.
What key GDPR terms do I need to know?
Here are some of the most important definitions every entity affected by the GDPR should be aware of:
- Data controller: A natural or legal person who, either alone or jointly with others, determines the purposes for which and the manner in which personal data is processed. Example: An FMCG company collecting personal data from its staff is considered a controller.
- Data processor: Any person (other than the employee of the data controller) who processes data on behalf of the data controller. Example: A payroll company that processes staff paychecks on behalf of the FMCG company is considered a processor.
- Personal data: Any information related to an individual (the data subject) that can directly/indirectly identify the person. Example: An employee’s name and address.
What are the penalties for non-compliance?
The GDPR gives data protection authorities more enforcement power and the power to levy more substantial fines. The fines are calculated based on a number of different factors, such as the nature of the infringement, the types of personal data involved, and whether there were any prior infringements by the controller/processor. Within the regulation, there are two tiers of fines, namely:
- A higher level fine of EUR 20 million, or 4 percent of global annual turnover (whichever is greater)
- A lower level fine of EUR 10 million, or 2 percent of global annual turnover (whichever is greater)
The word “greater” is perhaps of most concern for organizations that must comply with the GDPR; for example, many MNCs have annual revenues in the tens of billions.
In addition to the above fines, failure to comply with the GDPR can also result in other potential costs, such as fines from a particular country’s data protection regulator (e.g. the UK’s ICO, or France’s CNIL),
What are the GDPR’s implications for HR and employee benefits?
With such a large quantity of employee data being held on work IT systems, mobile devices, CCTV, etc., a cyber incident could have grave consequences. Our latest GDPR and Employee Benefits guide divulges the various implications the regulation has for HR and employee benefits, chief among them being:
- Processing employees’ personal data: There are many risks associated with processing employee data; sending it to multiple places, for example, increases the scale of the risk. Third parties, such as employee benefits brokers, also hold a significant amount of your employees’ personal data.
- Responsibility for employee data: Depending on your organization’s operations, it might either be considered a data controller, processor, or both. In offering employee benefits, your organization is deemed a data controller.
- The GDPR and global employee benefits plans: The mechanics of offering global employee benefits products, such as international health insurance coverage, can get complex, especially when your organization is required to overcome the compliance obstacles in each affected jurisdiction.
How can your organization mitigate GDPR risks?
GDPR compliance may seem quite daunting initially, but if you are aware of the things your organization needs to do to meet its responsibilities under this regulation, you’re already off to a good start. Our latest corporate insurance resource discusses a number of key considerations to keep in mind as it pertains to employee benefits:
- Ensure that your employees are aware of how their data will be processed
- Split your employee benefits contract
- Find an employee benefits provider that is GDPR compliant
Get started with the world’s leading employee benefits broker
As a leading employee benefits broker, we’re committed to protecting our clients’ data, and we have strict GDPR-compliant policies in place to ensure all personal data is treated securely. Contact us today to discover the compliant corporate and school insurance solutions we offer, or browse our corporate insurance resources page and blog to brush up on your employee benefits knowledge.