Are Data Protection Laws an Achilles Heel for Global Mobility?

When human resources professionals embark on the process of moving a member their staff around the globe, many players come into the spotlight. From international movers to insurers, many different people and services will need access to your clients’ data, but the amount of and type of personal data they require will be heavily dependent on their role in the mobility process.When sending data between HR offices and vendors, how can you guarantee that only the necessary data is shared with the correct people, while also ensuring the smoothest possible transfer for the staff in question? Over the coming months, Global Health Insider will be delving into some of the complex issues surrounding data protection for mobility professionals across the globe.

Leading the Way

The European Union (EU) is seen by many as having some of the most robust data protection laws in the world, with the Data Protection Directive being adopted in 1995, heavily regulating the processing on personal data for EU and European Economic Area (EEA) member states. This is not to say that other countries outside this zone do not have sufficient regulation in place, there are many countries around the world which the EU recognises as having adequate levels of protection for their citizens (see our map below).

Although countries across the world, and specifically Asia, are implementing comprehensive new data protection regulations to bring their laws in line with those in Europe, the EU have chosen to strengthen their law with the General Data Protection Regulation (GDPR).

 “…the European Data Protection Directive is very robust and will be replaced by the toughest and 'game changing' law - the General Data Protection Regulation…in some countries such as Hong Kong, Japan, Korea, Taiwan, New Zealand, Australia, Singapore, Malaysia and the Philippines comprehensive laws are being enforced.

The laws in Hong Kong, Australia and New Zealand are quite mature as compared to Malaysia, Singapore and the Philippines. The South Korean law is quite tough. However, in determining the 'leader' [in Asia], one will have to assess how serious the country is at implementing and enforcing the law. In this respect, among the newcomers (Malaysia, Singapore and the Philippines), Singapore has proved her seriousness.

Many countries in Asia have adopted the EU Directive's approach in term of the content of the law.  The GDPR, however, will widen the gap.”

- Professor Abu Bakar Bun Munir, Faculty of Law, University of Malaya – Co-author of Data Protection Law in Asia.

Not only will the GDPR strengthen the data protection laws within the EU and EEA member states when it comes into effect in May 2018, but it will also have wide-reaching effects as it specifically addresses the export of personal data outside of the EU. However, until the GDPR is fully applied next year, and other countries around the world have brought their laws up to date and begun effectively enforcing them, careful thought should always be given over what personal information is sent out to which of your global mobility partners. It is not that others may be negligent with your clients’ data, but a mixture of immature data protection laws alongside weak enforcement may have bred a culture in which the careful handling of private information is not a high priority.

Securing Your Clients’ Data

In response to the wide-ranging security concerns that differences in data protection laws are having around the world, global mobility professionals are going to need intelligent, unified tools to effectively navigate these difficulties. In fact, some platforms have begun to emerge in the marketplace to cover the need for total data security throughout the global mobility lifecycle.

“The tight regulation of our customers’ private data, and its delivery to the appropriate players throughout the process of global relocation is our primary concern. Human resources professionals need to be prepared in this rapidly evolving environment of international data protection, as slip-ups can hold major financial penalties.”

- Sebastien Deschamps, CEO and co-Founder of assignment management software ReloTalent.

Of course, the best way to protect your clients’ data at present is careful planning and execution and monitoring of your mobility strategy for each case. Although your overall strategy may be identical from case-to-case, the laws, or lack thereof, in some countries may necessitate extra attention in some areas. Regardless, now is the time for global businesses to begin allocating budget and resources to identify which compliance tools are right for them, before it becomes too late.

For a parallel insight into keeping your private data secure while using the internet, whether it be for business or pleasure, take a look at ExpatFinder’s latest blog post on why using a Virtual Private Network is becoming essential, regardless of your location.

Sources:

Data on global data protection laws was taken from the French National Commission for Information Technology and Civil Liberties website.