The standardization of data privacy laws across the European Union (EU) has taken place in the form of the General Data Protection Regulation (GDPR). It was approved by the European Parliament and the Council of the European Union, aiming to solidify and standardize data protection laws for individuals from the EU. The European Commission is implementing the regulation to lessen security risks, increase data protection for EU’s individuals and companies, and to make way for a more efficient data transfer process through the GDPR’s unified set of rules and limits.
Compliance with the GDPR has a global effect. Companies who interact with EU clients and employees must adhere to the regulation’s policies and standards. Non-EU entities who process personal data belonging to individuals from the EU are also subject to comply. By doing so, the GDPR can unify the fragmented laws across the EU to ensure that its individuals’ data and information are protected from security threats.
In an effort to centralize the GDPR’s enforcement for organizations conducting business in various EU countries, the “one-stop-shop” supervisory mechanism was proposed. The one-stop-shop mechanism’s objective is to ensure consistency and coherence in the application of data protection legislation. The one-stop-shop also intends to reduce the administrative challenges and inconsistencies that data controllers may face as soon as the GDPR becomes fully implemented in May 2018.
Under the one-stop-shop mechanism, organizations whose data controllers or processors operate in multiple EU countries are assigned to one lead supervisory Data Protection Authority (DPA) in the location of the controller or processor’s “main establishment.” After the regulation’s implementation, organizations are expected to align their enforcement procedures with their lead supervisory authority in order to fully comply with the GDPR.
Since the GDPR’s announcement last year, Teleperformance has been taking necessary measures to ensure compliance. From developing security programs that increasingly protect personal information and data of our clients and customers within the EU to developing GDPR-focused programs that will allow us to comply with the GDPR’s legal requirements, we are carefully adapting to the regulation’s policies and standards.
Teleperformance continues to put extreme effort in making sure that our operations will be ready for the GDPR. Following the one-stop-shop supervisory mechanism, there won’t be a need to revalidate with other EU countries as we will only be working closely with our sole lead supervisory authority in France, where we are also headquartered. This benefit will allow us to speed up the deployment of new programs and data protection processes in different EU countries, and make Teleperformance more agile in our operations by having only our DPA in France approve our privacy strategies for all EU countries impacted. In addition, we will be able to create a uniformed privacy strategy that will be aligned with our DPA’s standards, therefore eliminating discrepancies, simplifying processes, and reducing administrative burdens.
At Teleperformance, our clients’ and customers’ security will always be a priority. As we are getting ready to comply with the GDPR before it becomes fully implemented next year, we continuously look for ways to transform our passion into excellence, and in this case—trust.
To learn more about the GDPR and how it can affect you and your business, read our white paper.