Source | LinkedIn : By Rob Wyse
Imagine that you are fired or quit. Left behind is your employment record.
Who owns it? You, or your employer?
For that matter, who owns all your data?
The reality is that you do not own your data today. It is probably controlled by Google, Yahoo, Facebook, Amazon and others.
After all, if you buy a shirt, a toaster, or anything else, the next thing you know, you are reading an online publication and see an ad for that shirt or toaster.
The only way to end the onslaught is to take action and opt out. And opt out of everything.
But, when it comes to your employer, you are an “at will” employee. And, chances are, your employer had you sign an employment agreement. In doing so, your employment record belongs to the employer, not you. Your emails at work are theirs, not yours.
Conversely, when you leave a place of employment, the data about the company and the industry, along with your communications, also belongs to the employer. This makes sense, as that data is clearly the employer’s. But is your performance record the employer’s, or yours?
The point is that employment, for most, is a one-way street. The employee signs his or her rights away in exchange for compensation.
But this is about to change – in the European Union at least.
A new law, the General Data Protection Regulation (GDPR), will go into effect in 2018. In short, the law states that “the protection of natural persons in relation to the processing of personal data is a fundamental right.” And this law applies to all EU citizens even if they are outside the confines of the EU.
It means that online merchants cannot just use personal data to make sales suggestions – unless the person gives consent. So, if you buy a skirt – the merchant can’t take your data and suggest a matching blouse, or deliver your data to an online publication where a related ad pops up – unless you give consent.
Now, many readers outside the EU may ask, “What does this have to do with me?” The answer is probably a lot.
Online companies and others are going to need to comply worldwide. If an EU citizen is conducting business or on vacation outside the EU, in the US for example, the rules will still be enforced.
So, let’s get back to employment, the reason many of us are on LinkedIn.
GDPR will be in full force and probably supersede signed employment agreements. In most employment agreements, the employee was ‘coerced’ into signing the agreement. So, an employer cannot just use your data — your signing of an employee agreement is not consensual.
If an ex-employer were to send any of your employment information anywhere without your agreement, it would be a breach of GDPR.
This extends to recruiters, or headhunters, as well. They will not be legally allowed to send your resume and background to companies without your consent.
The fines are severe for companies that misuse any of your personally identifiable information.
“Breaches of some provisions by businesses, which law makers have deemed to be most important for data protection, could lead to fines of up to €20 million (Euros) or 4% of global annual turnover (sales) for the preceding financial year, whichever is the greater,” according to Out-Law.com. (For reference, as of this writing, one euro = $1.07.)
Breaches can come in various forms. A breach can be a hack from outside the company, or it can be perpetrated by company insiders. Think about the data an employer has about an employee. Then think about the human resources and benefits departments and the access they have to your personal data.
An example of an inside job occurred earlier this year. Sage, a global provider of accounting and business software for companies, admitted to a data breach. Between 200 and 300 Sage clients in the U.K. may have been affected. Sage said the breach was caused by someone accessing internal systems with employee credentials, not by an external cyber attacker.