January 11th, 2018

GDPR: Your risks as a Relocation Management Company

The introduction of the General Data Protection Regulation within the European Union in May 2018 will change the face of data protection for everyone. Those working in global businesses such as the relocation industry are especially at risk, due to the different personal data security laws found across the globe. Get the facts and begin to prepare now before it's too late. 

After our previous article exploring the risks that destination service providers (DSPs) can face as a result of the tightening of data protection regulations across the globe, we have chosen to focus on the problems that relocation management companies may encounter. Those in the global mobility industry need to look carefully at where and how they may have to tweak their day-to-day processes to conform to these new laws. Relocation professionals need to hold personal private data to do their jobs, and careless handling of this information is where problems, and potentially severe penalties, can occur.

The EU Pushes for Protection

Although many countries care about the protection of personal data to some degree, the European Union (EU) is leading the way with legislation. The Data Protection Directive (DPD) currently in law across the region demands that member states act to protect citizens' data, but only gives rough guidelines. The General Data Protection Regulation (GDPR), however, changes this when it comes into full force on 25th May 2018.

 

The GDPR is a new set of legislation focusing on the protection of personal data and will reach far and wide, beyond the nations of the EU. It tackles multiple problems found when the DPD came into effect and dramatically expands both the requirements and potential punishments for those who break the rules.

 

Previously, breach of DPD laws could be met with financial penalties for the parties at fault. The GDPR will allow governments to levy fines of up to €20M, or 4% of the offending company’s yearly global income, whichever is greater. For individuals at serious fault, jail time can also be applied where necessary.

 

Implications for Relocations

Although the GDPR is a European set of laws, the jurisdiction of these rules is not necessarily that small. The legislation is written in such a way that any companies who want to do business within the EU will have to look carefully at their actions when it comes to data protection. In fact, many other countries outside of the EU are looking to integrate parts of the GDPR into their own laws, so as to counteract any possible barriers to trade.

 

For the relocations industry, this means that when working with an EU citizen, or moving a client to, or from, a member state, following the GDPR guidelines should be a priority. You should be careful when deciding which points of data to share with your DSPs. The GDPR has also expanded the definition of personal data to include special personal data. Special data is that which is related to topics that could potentially cause discrimination, such as sexual orientation and ethnicity; the incorrect use of this information, in particular, can be severely punished under the new laws.

 

Risks for RMCs

Relocation management companies (RMCs), also referred to as Supply Chain Management companies, hold an important role over other businesses in the global mobility industry, as they manage many aspects of global moves, and are therefore required to handle a significant amount of personal data with a substantial number of third-party providers. As the regulations expand to protect private data further, it is essential that RMCs know the risks of the business, and act to protect themselves, their service partners, and clients.

 

It is no longer acceptable for those in the global mobility industry to use unlogged forms of data sharing, such as emailing spreadsheets to DSPs. Actions like this offer very little in terms of private data accountability and should be avoided at all costs. It is imperative that RMCs keep accurate records of all data transfer and processing activities, along with accurate logs of any and all privacy policies signed by clients. Some of these may be already in place, or easy to implement; regardless, now is the time to re-evaluate your current processes, and make changes accordingly. In fact, many of the global mobility software solutions on the market are both affordable and GDPR-ready.

 

The advantage of using an end-to-end software solution designed for the relocation industry is that it significantly reduces any chance of private data being mis-shared or misplaced. As all customer information is kept in the cloud, there is no chance of staff accidentally downloading customer information onto a personal device, an action which will count as a breach under GDPR.

 

For RMCs, it is especially important to have full control and accountability over the data which is provided to DSPs. This entails successfully managing and tracking a variety of factors, from signed consent forms from clients, to actively monitoring and ensuring that only the correct information is sent out to the right people at the proper time. Slip-ups in these areas could result in extremely costly fines from governments across the EU.

 

Picking Your Partners

Some of the most prominent questions when it comes to GDPR for RMCs will be over how to handle the relationships with their many service providers. The daily interactions between you and your DSPs will often require private customer data to be shared, so that the correct tasks can be carried out in a timely and accurate manner. Although all of your DSPs will probably not reside in EU nations, do you still hold them to the same standards as your partners which are required to be GDPR compliant by law? It is always wise to ensure the same standards of both working and data protection across your entire network, although some may find it hard to remove established service providers from their group.

 

Another point to consider should be the software systems which are in use across your network. Modern software solutions aimed at the relocations industry offer substantial levels of process integration across companies, allowing for efficient task sharing and the secure transmission of data. RMCs should be actively looking at what their partners are using, and seriously consider the benefits of encouraging all network members to choose a software package to work through. Even if you are not currently working on a project together, ensuring that secured software and workflows are the norm can provide significant benefits for future working, as well as protecting against potential GDPR non-compliance. Overall, each RMC will need to make these decisions for themselves, and look at the potential benefits and costs of each case.

 

Preparing for GDPR

How then can RMCs properly equip themselves for the impending risks of GDPR non-compliance to their business? The answer is to prepare thoroughly, and early. The benefit of getting ahead of the game in this regard cannot be overstated, and with less than six months to go until the legislation comes into full force, businesses should be looking for answers now. As mentioned earlier, finding a sound and secure technological service for your end-to-end relocation project management needs could go a long way to achieving regulatory harmony.

 

One of the many benefits of these software solutions is that they are created with GDPR compliance in mind, and have many of your data accountability needs built in. They remove the need for actively having to keep track of spreadsheets and emails containing private customer information, by having inbuilt communication tools designed for the industry. Relocation management software tools can also provide a standardised platform through which you can communicate with DSPs, intermediaries, clients and assignees, without having to worry about accidental data breaches. Using these tools then automatically creates a trail of data movement, ensuring that you are fully accountable in the case of an audit.

 

It is essential that everybody in the relocations sector prepare themselves for the incoming GDPR legislation, and RMCs are at the centre. If you were to take a chance with any part of your business, compliance with the new laws should not be it, as the penalties will be extreme for any company to cope with. Make your preparations now, and show your clients and partners that you value the privacy of their data.

 

This article was written by ReloTalent for EuRA. If you would like to continue the discussion on the issues surrounding GDPR and data protection, please log in to our LinkedIn EuRA GDPR Peer Sharing Group.

For more information please email Sebastien Deschamps, CEO and Co-Founder of Relotalent - seb@relotalent.com