Many viewed the highly anticipated coming into force of the European Union’s General Data Protection Regulation (GDPR) on May 25, 2018 as the “finish line” for the marathon efforts towards privacy compliance that took place in the months running up to this date. In reality, however, this date should be treated instead as a “starting line” from which to launch mandatory organizational protections for the personal data of individuals in the EU and elsewhere going forward.
Most companies with European operations have spent at least two years preparing for the GDPR. These often extensive, and expensive, efforts were typically led by companies’ legal, compliance, IT and security departments, and/or privacy offices, if any, and were supported by outside counsel and privacy consultants. The efforts often prioritized commercial or business data processed by the companies (through their websites, products, business contracts, etc.) instead of the data of employment candidates, employees, and other workers, such as temporary agency workers and independent contractors (collectively, “HR data”).
Click here to read the entire article (originally published by Bloomberg Law) which focuses on how companies should continue to focus on HR data compliance post-GDPR.