Podcast: Why the EU's General Data Protection Regulation Matters for US Employers
Hosted by: David Weisenfeld
On May 25, 2018, the European Union's new General Data Protection Regulation (GDPR) takes effect, bringing about the most significant change to European data security in more than 20 years. For the first time, data breach notifications will be mandatory for employers in all 28 EU member states. And that's not all.
According to Gordon, some other key warnings regarding the GDPR include:
- Any US company with employees in the EU will need to address the GDPR (even a small business with a sales representative in Europe);
- Any US company that offers products or services to EU residents is covered by this new privacy regulation; and
- Covered employers must provide notice to their local supervisory authority within 72 hours of first becoming aware of a data breach.
Gordon also noted that EU regulators view consent very narrowly. "They believe employees cannot freely give consent because of the hierarchical nature of the employment relationship," he said. "They'll feel like they are forced to agree to keep their jobs." That means US employers cannot evade the GDPR by having employees sign opt-out agreements. Instead, Gordon stressed that employee consent to share individual data must be unambiguous.