On May 25, 2018, Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR), was passed by the European Parliament, the Council of the European Union, and the European Commission in order to strengthen and unify data protection for all individuals within the European Union (EU). GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states and regulates the exportation of personal data outside the EU.
While the new law covers a lot, the regulations most applicable to us as a Global Relocation Management Company include requirements to:
- Securely store personal and sensitive data under automatic, full encryption to prevent unauthorized access and loss;
- Ensure the transfer, usage, and transmission of all personal and sensitive data is secure;
- Monitor the usage, transfer, and transmission of all personal and sensitive data;
- Gain consent from transferees moving to, from, and within the EU region; and
- Provide for the right to have data erased upon request.
To be compliant, MoveCenter is:
- Continuing to limit data collected for the specific and explicit purpose of administering relocation and assignment management services for our corporate and government clients;
- Obtaining affirmative consent for processing personal and sensitive data, including sharing necessary data with our global supply chain, from not just our assignees but also their spouses and dependents;
- Keeping data current by requesting periodic updates until no longer needed;
- Purging data after seven years unless our client specifies a different timeframe or the employee explicitly asks to opt out of the data retention period; and
- Continually working to ensure that our data security measures are effective and compliant by scheduling mandatory data protection assessments.
Additionally, we have taken the following actions:
- Identifying, segregating and protecting the different data sets;
- Applying GDPR standards across systems so that we have a consistent format for transferees to be able to opt in, opt out and be forgotten;
- Ensuring only compliant suppliers are used for services provided to EU individuals;
- Ensuring our data breach procedures conform to all GDPR requirements;
- Adding GDPR compliance to our employee and supplier training materials; and
- Updating our existing Data Protection and Privacy Policies to include GDPR.
MoveCenter is committed to protecting the personal data entrusted to us by our clients and their relocating employees. If you have any additional questions on our policies or compliance in the UA or anywhere else in the world, please contact us today.