By Adam Turteltaub
GDPR requires businesses to be transparent, fair, and proportionate in how they collect process and store personal data. Many in compliance and the business world fear, though, that it also severely hampers the way in which business can conduct internal investigations.
SCCE Vice President, Partner & Notary Public at the UK law firm Bristow’s Robert Bond, though, offers significant reassurances in this podcast. He shares that there are far too many myths about GDPR. Contrary to popular belief, GDPR does not necessarily trump other laws. It is also a myth, he reports, that employee rights under GDPR are absolute.
However, that doesn’t mean an employer can do what he or she wishes. Compliance teams need to be mindful of the lawful grounds for processing data, including consent and contractual necessity. In addition, there is a need to conduct a fair assessment of whether there is a legitimate interest in conducting the investigation, one that outweighs privacy rights. Be sure also, he warns, to document your decision making in each and every case.
And before you think, “Neither the company, nor the employee, are in Europe so we don’t have to worry about this,” don’t forget an increasing number of nations, and the State of California, are adopting GDPR-like laws.
Listen in to learn more about how you can conduct a fair investigation, without running afoul of GDPR.