Joseph J. Lazzarotti and Maya Atrakchi write:
The European Union’s General Data Protection Regulation (GDPR) is fast approaching and U.S. organizations that control or process personal data of EU residents are likely subject to these new data protection requirements. Now is the time for U.S. employers to determine whether they are covered by the GDPR (see our blog post, Does the GDPR Apply to Your US-based Company) and, if they are, begin preparing their HR data systems for compliance.
An employer that needs to process EU employee data must have a lawful basis for doing so under the GDPR. One of the six lawful bases for processing an EU resident’s personal data in Article 6 of the GDPR is “the data subject has given consent to the processing of his or her personal data for one or more specific purposes.”
Read more on Jackson Lewis Workplace Privacy, DataManagement & Security Report