GDPR: It’s Almost Here

May 10 2018

Published in: Public Policy

| Updated Apr 27 2023

This article originally appeared in the May 2018 edition of Mobility Magazine.

The General Data Protection Regulation (GDPR) is the new regulation covering the data protection and privacy requirements for entities transferring and maintaining the data of individuals or “data subjects” in the European Union—including foreign nationals. The GDPR replaces the current EU Data Protection Directive (“the Directive”), which the data privacy laws of EU member states had been based on since 1995. The GDPR takes effect in only a few weeks—on 25 May 2018.

On 14 April 2016, the EU Parliament voted to adopt the GDPR. This provided just over two years for companies handling EU personal data to come into compliance before enforcement of the regulation and the possibility of fines come into effect.

What This Means for Mobility

Compliance is Crucial

Companies that maintain or process the data of data subjects in the EU, including transferees residing in the EU, must be in compliance with the new requirements of GDPR by 25 May 2018, or face potential fines. Companies that fail to comply with the GDPR could face fines up to 4 percent of total global gross revenue or €20million, whichever is greater.

Next month’s Mobility Magazine Government Affairs column will delve into some of the key differences between the GDPR and the Directive, and below are some consent guideline developments excerpted from that column:

Developments on GDPR Since Adoption: Consent Guidelines

Since the adoption of the GDPR, the Article 29 Working Party has issued guidance on several topics regarding the GDPR, including on consent. Before delving into the Article 29 Working Party guidelines on GDPR Consent adopted on 29 November 2017 (the“Consent Guidelines”), it seems appropriate to look at GDPR Article 6, which requires that at least one of the following apply in order to lawfully process personal data (see Page 22 of the Consent Guidelines, Section 6):

The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Read the rest of this article in this May 2018 edition of Mobility Magazine.

Celebrating 60 Years of Talent Mobility

WERC’s 60th-anniversary commemoration and celebration is ongoing throughout 2024.

Learn More

Forging The Future On Sustainability

Worldwide ERC^® has launched a major initiative to support the industry with our transition to a more Sustainable future, with research, content, resources and learning.

Learn More

Get in Touch with Mobility Experts on the Front Lines

Finding the mobility professionals you need all over the world just got easier with our new, user-friendly Directory

Learn More

In the Current Issue of Mobility Magazine

Crisis Management: Best Practices for When the Unexpected Becomes Reality
Fee Hikes Give U.S. Employers a Chance to Rethink Immigration Strategies
International Remote Work: Top Challenges for Global Mobility Teams in 2024
Managing Expats as an Expat

Mobility is WERC’s magazine, delivering industry and business news and updates, as well as insights on global talent mobility programs, tips, and trends.

Subscribe Preview