GDPR Compliance: How BambooHR Protects Privacy

BambooHR is pleased to announce that its systems and processes are compliant with the new General Data Protection Regulation (GDPR). GDPR is the new standard in the European Union (EU) governing the privacy and data protection of EU residents, and it goes into effect on May 25, 2018. This means that BambooHR stands ready to support and assist its clients who have employees residing in the EU as they meet their own obligations under the GDPR.

What is GDPR Compliance

In response to the public’s growing concern about privacy, the European Parliament adopted the GDPR to replace an outdated data protection directive from 1995. GDPR establishes more stringent requirements for businesses to protect the personal data and privacy of citizens of the European Union and the European Economic Area (EEA). The regulation applies for transactions that occur within EU member states, as well as the transfer of personal data outside the EU and EEA areas.

GDPR is not optional, and any company that does not comply faces the threat of large fines, depending on the severity and circumstances of the violation. These fines can be as steep as 4 percent of annual global revenue or up to €20 million. Every organization that does business in Europe or with EU or EEA citizens must ensure that it is following GDPR guidelines; non-compliance could cost it greatly.

To comply with GDPR, companies that have EU-based employees need to meet the following important requirements:

GDPR Compliance for US Companies

Even though the GDPR is an EU law, it also requires companies outside the European Union to safeguard personal data. Any company in the U.S. that collects personal data of people in the EU is required to comply with the GDPR. Personal data could be email addresses in a marketing list or IP addresses of those who visit your site. Therefore, U.S. companies whose website, products, or services are available to EU citizens should become GDPR compliant.

For many companies, implementing the GDPR may require extensive changes to business practices and can impact the Finance, HR, Customer Support, Marketing, and Sales departments. Businesses that work with partners will also have to ensure that those vendors are GDPR-compliant, because they will be held partly accountable if partners violate GDPR guidelines.

Some specific steps for U.S. companies to take beyond the normal GDPR measures, according to the official GDPR site, include:

How BambooHR Handles GDPR for HR Professionals

BambooHR is staying ahead of the GDPR changes, both in its role as a data processor and in support of data controllers. BambooHR’s efforts include:


What You Can Do to Protect Your GDPR HR Data

While it’s always a great time to think about improving data security, the GDPR deadline provides a good target for reviewing your organization’s privacy and security policies and evaluating how you put them into practice. While BambooHR has yet to have a data breach from hacking, there have been instances where individual customers have been careless with their login credentials or access permissions.

The best protection of personal information comes from a combination of continuously updated technology, thorough training for HR employees who handle and have access to personal data, and seamless communication about new requirements. BambooHR addresses each of these concerns with our features and support, and we will continue to support our clients as regulations evolve.

For more information on the upcoming GDPR changes, visit the official EU homepage.