Stay in the loop with the most recent updates
We’re all hearing it—that faraway drumbeat that’s gradually getting louder and louder. As the enforcement date for Europe’s new General Data Protection Regulation (GDPR) draws near on May 25, 2018, organizations are feeling pressure to get up to speed on the new regulation and understand the latest developments. Here’s a quick GDPR review, along with the most recent developments.
GDPR snapshot
Approved in April 2016 by the EU Parliament as a replacement for the Data Protection Direction 95/46/EC, GDPR is viewed by many as one of the most important changes in data privacy regulation in decades. It’s designed to improve the access and control people have over their personal data by focusing on:
- reinforcing individuals’ privacy rights,
- ensuring stronger enforcement of privacy principles and rules,
- streamlining international transfers of personal data, and
- setting global data protection standards for businesses to follow.
How it impacts you
If you are located in the EU or otherwise conduct business in the EU, or if you monitor individuals who are located in the EU, your data processing activities involving personal data of EU residents must comply with GDPR requirements and you must be able to demonstrate that compliance. This involves following the five GDPR key privacy principles below.
- Principle 1: Processing must be fair, lawful and transparent
- Principle 2: Purpose Limitation
- Principle 3: Data Minimization (i.e. process only what is necessary)
- Principle 4: Data Accuracy and Currency
- Principle 5: Limiting Retention
As this relates to background screening, almost every item of background check information you collect from candidates (or that First Advantage collects on your behalf) would fall within the definition of personal data under GDPR.
Recent news and updates
The following news and updates are courtesy of Arnall Golden Gregory LLP. Learn more about Arnall Golden Gregory LLP by contacting Bob Belair, AGG Privacy Team Leader at 202.496.3445 or Robert.belair@agg.com.
New website offering GDPR guidance
On January 24th, the European Commission launched a website with guidance for stakeholders regarding the implementation of the General Data Protection Regulation (GDPR). The website includes a number of tools including rules for businesses and organizations, rights for citizens, and steps organizations can take to comply with the GDPR.
Article 29 Working Party
On December 12th, the EU’s Article 29 Working Party published guidelines on transparency obligations under the General Data Protection Regulation (GDPR). The guidelines intend to provide “practical guidance and interpretive assistance” regarding transparency guidelines under the GDPR for data controllers. Under the obligations, controllers are required to provide certain information to data subjects regarding the processing of their personal data. The Working Party also adopted guidelines regarding consent under the GDPR. The Working Party states that data subjects must have “genuine choice” with regard to accepting or denying terms offered “without detriment.” The guidelines are open to public comment until January 23rd, 2018.
On February 9th, the EU’s Article 29 Working Party released several working documents regarding Binding Corporate Rules for data processors and controllers. The Party also released a working document related to adequacy decisions. The documents focus on various elements, including the right of data subjects to file a complaint and adequacy decisions under the GDPR.
On February 6th, the EU’s Article 29 Working Party released updated guidance regarding personal data breach notification under the General Data Protection Regulation (GDPR). The guidance explains the requirements under the GDPR and “steps controllers and processors can take to meet these new obligations.”
Counting down together
Through a series of free educational webinars, blog articles and monthly newsletter updates, First Advantage is committed to supporting you with trusted information about this important global regulatory change. See below to access our available GDPR resources.
FADV.com GDPR Information Series:
