Base Erosion and Profit Shifting

03 Jul 2018
Actualités

Base Erosion and Profit Shifting (BEPS)

The tax landscape is changing internationally. As base erosion and profit shifting (BEPS) leads to worldwide revenue losses, governments together with the Organization for Economic Co-operation and Development (OECD) take ongoing efforts to close gaps for BEPS.
BEPS refers to the tax avoidance strategies that exploit gaps in international tax rules. By these, profits can artificially be « shifted » from higher-tax locations to lower-tax locations. Because of the potential for cross-border controlled transactions to distort taxable income, there are now over 100 countries and jurisdictions collaborating to implement the OECD/ G20 Base Erosion and Profit Shifting (BEPS) Package.
To counter BEPS, the OECD recommends e.g. intragroup pricing rules based on the so-called arm’s-length principle (see below).

Transfer Pricing and the arm’s length principle

Transfer pricing are rules and methods for pricing transactions within and between enterprises under common ownership or control.

Source: Pixabay

 

The arm’s length principle then states that a transfer price should be the same as if two companies involved were indeed two independents and not part of the same corporate structure. The OECD has put together guidelines on how to apply this principle in a bid to avoid BEPS.

 
 
 
 

Updates from Dutch decree

On the 18th of May 2018 Dutch tax authorities published a new transfer pricing decree which replaces the decree of 14th November 2013. The update provides additional advice on the application of the arm’s length principle and guidance regarding intangible assets and business restructurings.

Please contact us to hear what GCA can do for you and your business in regard to BEPS and Transfer Pricing. GCA makes a continuous effort to inform their clients on the latest developments within the OECD BEPS package and the necessary filing.

 

Sources (last viewed on 19th June 2018):
OECD.org: About the Inclusive Framework on BEPS

OECD: Background Brief: Inclusive Framework on BEPS

OECDobserver.org: Transfer Pricing: Keeping it at arm’s length

Deloitte: New Dutch transfer pricing decree incorporates BEPS guidance

Consensus as a Goal

03 Jul 2018
Actualités

Human Resources and Labour Law in the Netherlands

Qualified and motivated staff is an important, long-term success factor for any company. Foreign companies in the Netherlands encounter workers who are highly qualified, committed and flexible. Although Dutch labour law obliges the employer to comply with certain requirements for the protection of the employee, on the other hand conflicts are dealt with quickly and pragmatically.

The polder model

Dutch workers are rarely unionised and trade unions tend to be cautious compared to other countries. The field of labour law and human resources is characterised by the Dutch polder model: Employers, employees and the state try to find solutions together and by consensus. The polder model dates to the Middle Ages, when nobles, peasants and citizens had to work together, regardless of their rank and background, to secure the polders. Even cities that were in the same polder, but were actually at war with each other, had to agree on this issue. This characterises the Dutch culture of consensus in the field of labour law to this day.

Concrete and mandatory benefits for employees

In the Netherlands, since 2015, there has been a mandatory minimum wage of €1,501.80 per month for employees aged 23 and over. Furthermore, an employee may only work more than 12 hours a day, 60 hours a week, with explicit consent. Several fixed-term contracts may only be concluded with the same employee with restrictions. Each worker is entitled to paid leave four times the number of weekly working days. The period of notice may be between one and four months, depending on the duration of employment. If a termination violates applicable law, an employee can sue for damages.

Fotolia/Jakub Jirsák

A peculiarity of Dutch employment contracts is that they often include bonus programmes. The design of these programmes is important because the right formulation can provide tax benefits for both the employer and the employee.
In addition, discriminating against workers and applicants based on factors such as race, nationality, ethnicity, skin colour, age, gender, sexual orientation, marital status, religion or religious beliefs, disability, and part or full-time status is prohibited.
 
In companies with more than 50 employees, the employer must set up a works council. In addition, the employer is required to pay certain premiums, such as social security and pension.

 

Immigration of foreign workers

In recent years, the Netherlands has created more generous admission procedures for highly skilled workers in multinationals that meet certain criteria. In principle, workers from the European Economic Area (EEA) are not subject to any restrictions on immigration. Workers who are not from the EEA need a work permit and, if they are in the Netherlands for more than 90 days, they need a residence permit (a visa).

Posted workers who work in the Netherlands can be paid a tax-free allowance under the 30 per cent scheme. This provision allows the employee to receive a tax-free refund for 30 per cent of active employment income. This refund serves to cover all extra-territorial costs.

It is generally recommended that employers set up a comprehensive employment contract that is used for each employee and addresses issues such as confidentiality and competitive post-employment activities.

The competent team at Global Connect Admin will gladly advise you comprehensively if you want to hire personnel as part of setting up a business in the Netherlands. Please don’t hesitate to contact us.

European Tax Returns in Comparison

12 Sep 2017
Data Protection, Actualités, Non classifié(e), Planification fiscale

The Fine Line Between Privacy and Transparency

An increased level of transparency is one of the declared aims of the OECD and the EU in the fight against tax avoidance and fraud. According to experts, the current lack of transparency promotes not only an unfair distribution of the tax burden between companies and individuals but also unfair competition between international and national companies in the EU.

In recent years, a wide range of EU initiatives have been put in place in order to ensure increased tax transparency. At the end of June 2017, for example, the EU proposed an obligation to report questionable and “potentially aggressive” tax deals, which as expected sparked protest on the part of the professional associations affected (such as lawyers, tax advisors, and auditors). This shows that the issue of tax secrecy remains a hot topic in many European countries. Other EU countries, however, apply a more transparent approach to dealing with the tax data of their citizens and companies.

 

Transparency as a Fundamental Pillar of Democracy

In the UK, a similar arrangement is already in place, as is the case, incidentally, in many other Anglo-Saxon countries.

In Sweden, the model country for transparency, they take the matter even one step further, as the tax data of all Swedish citizens and corporations are published unsolicited every year. In this way, everyone can see exactly what taxable income from earnings and capital and even the amount of assets and liabilities a neighbor or a particular company has.

This level of transparency is based on the so-called principle of public access, which the Swedes see as a key building block for democracy, as anyone can request information on administrative operations. Perhaps this approach is conceptually deeply rooted in Puritanism, based on the saying “If you have nothing to hide, there is nothing to fear”, for other Nordic countries handle the personal data of their citizens in a similar way. Norway, for example, also openly deals with tax data, and Denmark assigns a personal number to each individual, to which all information as well as operations, both private and official, are linked.

 

Transparency vs. Protection of Privacy

The situation is quite different in German-speaking countries, where privacy is given a much higher priority than the public interest. In Germany, for example, tax secrecy is constitutionally protected and considered part of general personal rights.

Austria also provides for tax secrecy, yet with some exceptions. For example, it is revoked if it facilitates tax proceedings, if there is a compelling public interest, or if the person does not have a legitimate interest to protect his or her data.

In Switzerland, in turn, tax secrecy is generally defined as “qualified professional secrecy”, which obliges anyone involved to keep all information confidential. However, there are considerable differences between the Cantons. Some even publish tax registers for a limited period – whereas the information merely contains so-called tax factors, that is, the taxable income and assets of persons or the earnings and equity of a company.

 

Conclusion

To sum up, it can be said that there are still significant cultural differences within Europe on the issue of tax transparency. For the politicians in Brussels, it will be a long and bumpy path to reach an agreement on a uniform transparency regulation.

 

 

 

Know Your Customer Procedures

09 Aug 2017
Actualités

How EU financial service providers help to combat money laundering and financing of terrorism

Stepping up the fight against terrorism is a priority of the EU based on its European Security Agenda from 2015. This also includes more intense measures against terrorist financing. Terrorists will be tracked based on cash movements and their ability to gain access to money will be curtailed.

Successfully implementing these measures will depend on the support of service providers and companies that are in involved in financial transactions. The current 4th EU Anti-Money Laundering Directive had to be implemented by the Member States no later than the end of June 2017.

 

The 4th EU Anti-Money Laundering Directive

This Directive lists a group of companies and persons that are obliged to conduct particular due diligence. This includes all persons and companies that deal with financial assets and thus could potentially help to detect crimes or illegally acquired financing. These are credit and financial institutions, insurers, auditors and accountants, but also lawyers, notaries and estate agents.
They should implement special due diligence for all major transactions, for example, those involving cash payments of €10,000 or more.

From now on, these obliged entities should analyze every major individual transaction with regard to the risk of money laundering and terrorist financing and respond with appropriate strategies and processes. With the help of “Know Your Customer Procedures”, they should also verify their new and existing customers, provide transparent information, and report any irregularities.

 

Know Your Customer Procedures

In practice, this means that the obliged entities must exactly identify their contractual partners or people acting on their behalf as well as any “beneficial owners”. According to the current directive, a beneficial owner is any natural person who holds 25% or more of net assets or voting rights in the contracting party. Special regulations apply to foundations and trusts. To identify these persons, information such as the name, place of birth, address and nationality must be collected and verified.

 

Creating Transparency

In addition, information collected on the beneficial owners of organizations and companies should provide transparency with regard to the personal connections and interests within the industry. In Germany, for example, beneficial owners must be entered into a “transparency register” from October 1, 2017, provided they are not already listed in other registries such as a commercial or company register. Authorities and obliged entities will have access to this register, and others, such as journalists, may consult it in individual cases and when there is a “legitimate interest”.

 

Outlook

The priority the EU is giving to the fight against terrorism is illustrated by the fact that prior to the final implementation of the 4th Anti-Money Laundering Directive by all Member States, the EU had already adopted an extensive adaptation – generally called the 5th Anti-Money Laundering Directive. The European Parliament approved a corresponding draft at the end of February 2017. The new directive includes intensified measures, such as lower thresholds for determining beneficial owners, and focuses on online payments and e-money.

Further adjustments in relatively short intervals can be expected to follow, while the EU strives to keep pace with the rapidly evolving technical possibilities in the financial sector. Individuals and companies who belong to the group of obliged entities would do well to stay up to date as to ensure compliance with legal regulations.

Robots in the Accounting Dept.?

23 Jul 2017
Actualités, Non classifié(e)

How RPA Is Revolutionizing Corporate Management

It is generally accepted that for years now robots have helped to complete many production steps faster, more consistently and with more precision. But now, robots may also conquer the offices of many forward-looking companies. The term robot is a bit misleading here, since robotic process automation (RPA) actually refers to software that is used to perform routine tasks – similar to a robot – accurately and with tireless precision based on existing systems.

 

Areas of Application

The use of RPA is best applied in departments in which significant resources are dedicated towards repeating “simple” processes. Examples include manually entering data into input dialogs, evaluating data as well as extensive searches for and matching of data.

 
 
 
 

Advantages and Limitations

The major advantage of robotic process automation is the fact that these routine activities can be completed around the clock, much faster and with fewer errors than when done by human employees. In addition, RPA is straightforward and can be operated and monitored by those who are not IT experts. An additional advantage is the ability to integrate RPA into a company’s existing systems. There is no need for extensive investments in new core systems before a company is able to feel the benefits of RPA.

 

The advantage of being accurate means, at the same time, testing the natural limits of robotic process automation: in order for automation to work, the processes must not be changed. Before implementing RPA, business processes should be carefully analyzed and if necessary optimized, as any subsequent adjustment may be complicated.

 

Furthermore, RPA can only work with exact data, and extracting new data from continuous text or independently developing new operations similar to past solutions is only possible with the help of so-called cognitive software or even artificial intelligence systems. However, these fields are developing very rapidly, so much that companies will increasingly be able to use such complex solutions in the years to come.

 

A Threat to Jobs?

Does this mean that in the future not only assembly-line workers but also office workers will be replaced by robots? Yes and no, says both science and the industry. According to a study by the University of Oxford, the substitutability of an employee highly depends on the proportion of his/her routine activities or the ratio of tasks that require creative solutions and social competence.

 

As a result, for example, tasks that until now have been done by accountants and employees in finance departments and even sales back offices will increasingly be completed by RPA systems. Employees who often have to use their creative minds instead of being purely analytical or must demonstrate tact in customer contact will probably remain irreplaceable.

 

Conclusion

For many companies, robotic process automation offers interesting opportunities to save resources to a considerable extent, while, at the same time, enhancing the activities of their human employees by reducing the number of routine tasks. RPA is therefore considered as an opportunity for improvement and will continue to revolutionize many business departments in the coming years.

 

Literature:

Frey, Carl B. et. al.. Technology at Work: The Future of Innovation and Employment. University of Oxford: 2015.

 
 

Brexit: Reset

16 Jun 2017
Actualités, Non classifié(e)

The Outcome of Brexit Is Now Uncertain After Theresa May’s Electoral Defeat

In-depth negotiations on Britain’s withdrawal from the EU are set to begin on June 19. Since British Prime Minister Theresa May’s unexpected electoral defeat in the parliamentary elections on June 8, the outcome of these negotiations is as uncertain as ever:

 

Before the election, Theresa May had threatened to proceed with a “hard” Brexit, that is, a complete phase-out of the European internal market and customs union. Her goal was then to conclude a free trade agreement with the EU based on the country’s own conditions, not unlike the CETA free trade agreement between the EU and Canada. This would lead to extensive new hurdles for imports and exports, such as higher customs duties and complicated import regulations, changes to Intrastat reporting obligations as well as different regulations on value added tax and general compliance requirements. Legal aspects such as consumer and data protection requirements, competition law and applicable legal venues would also be affected by the extensive changes.

Such profound reforms would be disastrous, particularly for small and medium-sized enterprises, because often the complexity and costs associated with the reforms would exceed these companies’ resources.

 

Leading up to election, it was already clear, however, that the EU would continue to be very critical of a free trade agreement unless Britain made significant concessions with regard to maintaining the right to free movement for EU citizens. On Wednesday following the election, the British Government seemingly indicated a willingness to concede on this point. This could be the first sign that the weakened new government in Britain will yield to pressure from all political camps as well as the British economy.

 

This does not seem to come unexpectedly, as Theresa May now feels compelled to cooperate with two political groups whose ideas of Brexit are a far cry from her own: Within the party, a Scottish group of conservatives behind Ruth Davidson has suddenly gained a powerful position. The Scots, however, seek a “soft” Brexit, which is characterized by more freedom instead of increased economic barriers. For example, they want Britain to remain within the EU internal market, with all the legal consequences this may bring.

 

May is seeking an alliance with the Democratic Unionist Party (DUP) in Northern Ireland, led by Arlene Forster, which would ensure the Conservative Party has the absolute majority in important government decisions. However, given their geographical location, the Northern Irish would also like to remain in the EU internal market and preserve freedom of movement for citizens. Unlike their political adversaries, Sinn Féin, they reject creating a special status only for Northern Ireland within the UK, but rather strive for a uniform solution for the entire kingdom.

 

Given this situation wrought with conflict, we can expect to see the Brexit negotiations change course several times in the coming months. One thing is certain for now: the longer it remains impossible to predict the exact consequences for companies, the more this will harm trade relations between the EU and the United Kingdom, and as a result there will be fewer innovations and investments spanning the English Channel.

After Years in the Pipeline, IFRS 17 Has Been Released

02 Jun 2017
Actualités, IFRS, Non classifié(e)

The IASB Completes the Last of Its Four Major Projects

The International Accounting Standards Board (IASB) continually seeks to optimize its guidelines with the goal of standardizing international accounting procedures, while making them more transparent. In addition to continuous minor adjustments, the Board has also worked for several years on four fundamental new regulations in international accounting. On May 18, 2017, the last of these large projects was completed with the publication of the International Financial Reporting Standard 17 (IFRS 17).

The four new standards, IFRS 9 – Financial Instruments, IFRS 15 – Revenue from Contracts with Customers, IFRS 16 – Lease Accounting and IFRS 17 – Insurance Contracts, replace the previous standards in each category and present such fundamental changes that almost every publicly traded company must now adapt to procedures that may intervene in its business processes. The reforms, however, have not been met with a warm welcome at all companies.

 

Winners and Losers of IFRS 9

As with all fundamental system changes, some corporations will benefit from the new rules, while others must also endure considerable disadvantages due to the new standards. A good example of this is IFRS 9 – Financial Instruments. A core aspect of IFRS 9, hedge accounting, offers industrial companies a welcome opportunity to positively influence their profit and loss accounts by including individual hedging components in their balance sheets.

For banks, however, IFRS 9 entails a significant increase in procedures. The extensive reclassification of assets included in the new standard will adversely affect not only their overall balance sheets. It also implies fundamentally converting their business and IT processes; as a result, some institutions can now expect to pay up to EUR 125 million or more for switching to the new standards.

 

IFRS 15 Has Also Raised Eyebrows – Particularly in the Telecommunications Industry

For industries with multi-component businesses such as the telecommunications industry, the new standard for Revenue from Contracts with Customers means significant changes to their previous accounting and business processes. IFRS 15 lays out new regulations on when partial performance of a contract must be included in the balance sheet. The previous margin of discretion and flexibility for corporations has been removed.

This change alone as well as reevaluating existing contracts may mean expenses in the millions for large telecommunications providers and also providers of customer loyalty cards and other bonus programs. But this will not be the end of the process as changes to existing contracts will have to be reassessed in the future. IFRS 15 will significantly increase the cost of accountants for many corporations even after completely converting to the new system.

 

IFRS 16 Establishes a Clear Distinction Between Lessee and Lessor

Until now, IAS 17 on lease accounting had offered many CFOs the opportunity of reporting off-balance sheet lease obligations; the new IFRS 16 standard has almost completely eliminated this loophole. According to the new standard, all lease obligations that have a term longer than 12 months and are valued above a ‘minor’ amount (i.e., more than approx. USD 5,000) are now to be reported on-balance. This is likely to adversely affect debt, interest rates, and the equity ratio of many companies.

A further difficulty presented by IFRS 16 is the clear lack of equal treatment of lessors and lessees. In contrast to the drastic changes for lessees, there are no fundamental differences for lessors. In the future, it is therefore conceivable that the same asset values will be reported twice, both by the lessor and the lessee. It also remains unclear how companies should proceed when they act as lessor and lessee at the same time.

 

IFRS 17 Eliminates a Global Lack of Transparency

Based on the standard in place thus far, IFRS 4, which was meant to act as a transition to the new standard, international comparability of consolidated financial statements in the insurance industry was de facto impossible because local accounting rules were admissible in financial statements drawn up according to IFRS. Investors will be happy to learn that this condition has now been solved in IFRS 17 – Insurance Contracts.

However, the insurance industry itself will initially experience the need for extensive restructuring along with the expenses this will entail. The extent of the changes depends on which methods have been used up to this point. The new standard, for example, foresees three possible methods for assessing insurance contracts, which itself presents a paradigm shift in the industry. In addition, external reporting and data processing requirements will rise significantly.

These changes also require a good communication strategy: Almost every company will be affected by changes in the areas of earnings and equity. Particularly countries in which accounting has thus far been based on predictions as of the reporting date can expect to see greater volatility in earnings. The changes caused by the transition to the new standard must be communicated both externally and within the company.

 

The Four New Standards Have Caused Structural Changes Across the Globe

As welcome as the increasing level of transparency and a standardization of consolidated financial statements have been, they could lead to considerably increased burdens for the industries and companies affected. Since the four discussed standards apply to nearly every publicly traded company in any form, with these projects the IASB has launched a comprehensive structural transformation of international accounting procedures.

On top of all this, time is of the essence: Even if the new mandatory guidelines will only apply to the financial years starting on January 1, 2018, 2019 and 2021, respectively, companies must quickly implement the reforms now, because comparative figures for the previous financial year must also be reported when using the new standard for the first time.

If you have any questions about the new standards, please do not hesitate to contact us. We would be happy to assist you in switching to the new standards and will ensure that your annual financial statements comply with all new statutory provisions.

“Wannacry” Cyber Attack Is a Nightmare for Companies

18 May 2017
Actualités, Cybercrime, Data Protection, Non classifié(e), WannaCry

Cybercrime Attacks Will Continue to Be Among the Greatest Challenges for Companies in the Future

On May 12, criminals launched a large-scale attack infecting hundreds of thousands of computers around the world with the ransomware “WannaCry”, which encrypts data on the computer systems and users are only able to retrieve the data upon paying a ransom. The criminals took advantage of a critical vulnerability with the American intelligence organization NSA.

Major companies and institutions all over the world have also been affected by the “WannaCry” trojan: The ticket machines and display boards of the German rail company Deutsche Bahn stopped functioning, and in the Netherlands the payment machines at Q-Park parking garages and other company websites no longer worked. In Russia, computers at the Ministry of the Interior were infected, while the logistics company FedEx in the United States and the French auto manufacturer Renault even had to stop production. The extent of the economic consequences for companies remains unclear.

 

Global Damage Due to Cybercrime Approx. €400 Billion

In its 2015 report, for example, the German Federal Criminal Police Office (BKA) documented over 45,793 offences in the area of cybercrime and estimates damages incurred by German companies to be over €40 billion. According to the international study “Taking the Offensive – Working together to disrupt digital crime” published by BT and KPMG, digital crime amounts to €400 billion in damages worldwide.

Figures from the 2015 « Federal Cybercrime Report » by the BKA

 

Depending on the source, one out of every two to three companies is affected by various types of cyber attacks. Computer fraud (keyword: phishing) is the most common type of cybercrime. According to a survey of the industry association Bitcom in 2016, the real figures are much higher given that there is a large gray area since many companies do not report any damages due to cybercrime.

The EU data protection guideline, which will enter into effect in 2018, includes an EU-wide reporting obligation for companies. Small and medium-sized companies, which often have low IT standards, are particularly at risk. KPMG stated in April 2017 that these crimes can usually be traced back to China, USA, Russia and Eastern Europe. However, the detection rate of such crimes remains extremely low.

 

Experts Expect Rise in Cybercrime

Experts suggest that the frequency and severity of these offences will increase. With the new digital concepts like the internet of things and industry 4.0, industrial plants or self-propelled cars can be a potential target for cyber criminals.

Every company must deal with the question of what the consequences would be if customer data and credit card details were stolen, new product developments were in the hands of the competition, money were unlawfully withdrawn from bank accounts, or their website were to be hacked. The consequences would be devastating for most companies.

 

Cybersecurity Will Become a Core Competence of Any Company

Therefore, cybersecurity is a key topic for future-oriented corporate governance. Professionals recommend using firewalls and encryption programs, quickly installing program updates, ensuring frequent backups, as well as making employees aware of potential dangers when using digital systems.

New business divisions are emerging both for the insurance industry as well as the consulting branches of the Big Four: Cyberrisk issues are part of the consulting portfolio of large companies and cyber insurance policies are the new trend among providers such as AXA and HDI. Depending on the policy, in-house and third-party damages or costs may be covered for any potential crisis PR measures that may become necessary due to a cyber attack. However, the challenge for any company remains finding the right package for each individual situation.

 
Links:

International study “Taking the Offensive- Working together to disrupt digital crime” by BT and KPMG

2015 Report by the German Federal Criminal Police Office

The NIS Directive – Another Component of the EU’s New Network Security Strategy

30 Apr 2017
Actualités, Data Protection

The EU’s New Network Security Strategy

In addition to the General Data Protection Regulation, the Directive concerning measures for a high common level of security of network and information systems across the Union (NIS Directive) is another important component of the EU’s new network security strategy. It will also take effect in May 2018, and the Member States will have to implement the requirements laid out in the Directive into their national legislation by this time.

Unlike the EU GDPR, this Directive allows Member States some flexibility in the interest of minimum harmonization with national legislation as it can be adapted to regulations that fall below the level of protection included in the NIS Directive. This means States that already have higher statutory safety requirements will not have to make any adjustments to reduce them. In Germany, for example, only parts of the IT security law that took effect in 2015 will need to be adjusted.

The NIS Directive aims to reduce the increasingly dangerous impact of attacks by hackers and technical failures by enhancing security standards and ensuring closer international cooperation in this area. Such problems currently cause damages around 260-340 billion euros per year (source: ENISA).

 

Who Is Bound by the New Policy?

Two groups are affected by the new policy:

  • Operators of what is called “essential services” and
  • Digital services providers

 

Essential Services

Essential services within the meaning of the NIS Directive are services that are essential for the seamless provision of critical social and economic activities, such as for example energy operators, drinking water utilities, hospitals, but also operators of financial market infrastructures. These providers must be specifically named by Member States before the Directive enters into effect, and they will then have to comply with strict safety requirements according to the state of the art and record any incidents and errors based on precise guidelines.

 

Digital Services

The Directive describes digital services as online market places, search engines as well as cloud computing services. In addition, from now on they must implement more stringent security measures and also report any incidents; however, they will be subject to less uniform and weaker regulations than providers of essential services. The requirements apply only to companies with more than 50 employees.

A major challenge for some companies in this group, however, will be to find out whether they belong by definition to the category of providers of digital infrastructure and thus essential services or to that of digital services providers. Here’s to hoping that the transfer to national legislation will bring a clearer distinction between the two designations.

Nonetheless, all companies listed in these sectors should learn more as soon as possible about the security requirements that can be expected as to ensure that they can adjust their systems and procedures to the new standards in a timely manner.

New EU Regulation on Data Protection Affects Companies Worldwide

19 Apr 2017
Actualités, Data Protection, Non classifié(e)

New EU General Data Protection Regulation Much Stricter

The EU’s General Data Protection Regulation, which will enter into effect next year on May 25, 2018, affects essentially any company that stores customer data in digital form. Standardizing the data protection legislation across the EU should provide better protection of personal data while guaranteeing the free movement of data within the European single market.

This new standard will also have global consequences: The required measures relate not only to companies based in the EU but are rather based on the principle of lex loci solutionis, or the law of the place where the relevant performance is carried out. This means any company that markets its products or services to EU citizens is subject to the new requirements.

Since these are much stricter and more complex than Directive 95/46/EC, which has been in effect until now, IT departments and data protection officers, in particular, should now start to prepare and ensure their companies’ compliance with the new legislation.

 
Most Important Innovations

The new key elements of the General Data Protection Regulation (GDPR) stipulate that in the future customers

  • should be able to obtain information on the data collected about them more easily and in terms that are easier to understand.
  • can request that their data are transferred to a different provider (data portability).
  • have the right to be forgotten; that is, all data must be deleted upon request if there are no legitimate reasons for saving their data.
  • must be informed about data privacy violations faster and in a manner that is easier to understand. In the future, companies must inform the competent regulatory authorities about any incident within 72 hours.

 
Extensive Adaptations Required on the Part of Companies

To meet all these requirements, companies must optimize their processes at multiple levels. First, they must carry out an inventory of where and in which form customer data are saved within the company. This can be a daunting task in times of more flexible forms of work and IT systems that are becoming increasingly mobile.

In addition, new procedures for handling data must be introduced company-wide and their compliance must be verified. In this respect, it can be useful to automate certain processes. The General Data Protection Regulation requires the introduction of the concept of privacy by design, that is, including strict data protection at the initial stages and throughout the entire scope of a project.

 
Harsh Penalties in Case of Non-Compliance

It is clear that the EU is quite serious about data protection when looking at the penalties that will be in force for failure to comply with the new regulation. Companies risk up to 4% of their global profit or up to 20 million euros.

An additional incentive for rapid and rigorous compliance with the new regulation could also be the high risk of litigation. In the event of data protection violations in the future, not only could stakeholders and consumer protection organizations bring collective actions. Competitors may complain of unfair competition. At any rate, companies should not wait to implement the EU’s General Data Protection Regulation, but rather approach it head on.

AlternativerTweet   January 2021  The impact of Brexit is global. The UK and Japan both are big players in world trade. However, will Brexit cause mo… https://t.co/uGD53lARni