GDPR and NuCompass Compliance

As you may know, a new data protection law called the General Data Protection Regulation (GDPR) was passed by the European Union. While it only affects EU individuals, we have many clients who utilize NuCompass’ global relocation and assignment services. The information below outlines the basics of the GDPR and how NuCompass is complying with the new regulations.

What is the GDPR?

The GDPR is a new comprehensive data protection law (in effect May 25, 2018) in the EU that strengthens the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It updates and replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.

What does the GDPR regulate?

The GDPR regulates the “processing” of data for EU individuals, which includes collection, storage, transfer, or use. Any organization that processes personal data of EU individuals is within the scope of the law, regardless of whether the organization has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).

How does GDPR change privacy laws?

The key changes are the following: expanded data privacy rights for EU individuals, data breach notification and added security requirements for organizations, as well as customer profiling and monitoring requirements. GDPR also includes Binding Corporate Rules for organizations to legalize transfers of personal data outside the EU, and a 4% global revenue fine for organizations that fail to adhere to the GDPR compliance obligations. Overall, the GDPR provides a central point of enforcement by requiring companies to work with a lead supervisory authority for cross-border data protection issues.

Does the GDPR require EU personal data to stay in the EU?

No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside the EU.

NuCompass GDPR Update

To comply with the new GDPR rules, NuCompass is taking the following actions:

  • Identifying, segregating and protecting the different data sets, including those shared with downstream suppliers.
  • Applying GDPR standards across our internal systems so that we have a consistent format for transferees to be able to opt-in, withdraw, and be forgotten.
  • For downstream suppliers, instituting the required contractual terms to comply with GDPR for those who process data subject to GDPR and ensuring only compliant suppliers are used for services provided to EU individuals.
  • Ensuring our data breach procedures cover GDPR requirements and that all NuCompass employees are fully trained on how to manage a suspected data breach.
  • Updating our existing Data Protection and Privacy Policies to include GDPR.

If you have any additional questions, please contact us directly.