May 25 marked the deadline for companies to come into compliance with the General Data Protection Regulation (GDPR), an EU law that requires beefed-up data security for all companies that “process” the data of EU citizens (“processing” can mean anything from storing birthdays and past places of work to archiving emails and more).
The law applies not only to companies that count EU citizens among their customers but also to those that employ EU citizens. After all, there’s no more sensitive personal identifying data than what’s in an HR file.
Whether you were scrambling to get compliant before May 25 or blissfully unimpacted by GDPR, it’s worth paying attention to the new law. In all likelihood, it will be a trendsetter, meaning that companies (and especially HR departments) should expect data security requirements from all countries to ramp up from here.
Increased data scrutiny in the U.S.
In the U.S., increased enforcement standards for employers of foreign national workers have been in effect for more than a year now. Aimed at minimizing fraud associated with certain non-immigrant visas (notably the H-1B), these measures mean U.S. employers must be more vigilant than ever about securely storing relevant paperwork for foreign national workers: that data now needs to be both easily accessible in the event of a site audit and stored in a way that meets existing security protocols.
Those security protocols are different, in requirements and strictness, for every country – and they’re all subject to change. It’s a lot for an HR department to keep track of, even if your company only has employees from two or three countries.
The stakes for getting everything right are high, too: Noncompliance could lead to fines, business interruption, and even ejection from a country (for your business or for an employee).
Preparing for tomorrow
The good news is that there are concrete steps you can take to ensure your business is ready to adjust to whatever new data security requirements become law in the coming years:
Evaluate your current data security: You can bring on a data protection officer, hire a consultant, or build an in-house team (IT, HR, legal, etc.) to do this. The goal is to get a sense of where your company currently stands on data security.
Map out a plan: Once you know where your company is today, create a plan that will improve your data security systems and practices so that you’re ready to comply with new GDPR-like laws that pass in the near future.
Choose the right tools: In our annual Immigration Trends survey, we found that 62% of employers are using technology this year to increase data security, and 48% are investing in tech platforms specifically to support the immigration process. As laws become stricter around the world, managing data security for employees from various countries will only become more complex. A tech platform that supports your efforts will be essential for staying in compliance and avoiding fines and penalties.
While improving data security at the enterprise level is a major undertaking regardless of your company’s current practices, doing it sooner rather than later will ultimately save you time and money, especially as you manage (or build) your international workforce.