Many US firms are unaware the forthcoming General Data Protection Regulation (GDPR) law will apply to them, despite the heavy penalties of a fine of up to $23,773,000, or four per cent of the company's annual global turnover if they fail to comply. John Hayes explains why US business will need to gear up.
When the GDPR comes into force on 25 May 2018, it is unlikely that you will be able to obtain valid consent from staff for processing their personal data. This is because the GDPR introduces a more stringent requirement for consent, which has to be ‘freely given, specific, informed and unambiguous’. As a consequence, employers will need to rely on other lawful grounds for processing personal data of their staff.
The General Data Protection Regulation (the GDPR) is due to come into force on 25 May 2018 and will have a significant impact on how businesses manage the personal data of their employees.