NewsCase StudiesEvents

How does GDPR affect cross-border employment?

Also in the news...

Safety and security requirements on imports and exports

Find out about new safety and security declarations that will apply from 1 October 2021 on goods leaving Great Britain (England, Scotland and Wales).

How to open a company in the USA while maintaining residence in Italy

It is one of the best ways for the Italian citizen to manage their business. This corporate vehicle allows access to multiple advantages of an advanced jurisdiction such as the US and also manages to maintain a low tax rate with very manageable levels of accounting and bureaucracy.

UK-ASEAN Joint declaration

Joint Ministerial Declaration on Future Economic Cooperation between the Association of Southeast Asian Nations (ASEAN) and the United Kingdom of Great Britain and Northern Ireland (UK).


These are exciting times for Dubai and the UAE. With the entire business world’s attention soon to turn to the Emirates with the delayed Expo 2020 kicking off in October (and continuing all the way through to the end of March next year) it’s never been a better time to be a UAE business owner

UK Shipping Concierge

The concierge service provides a one-stop shop to help maritime businesses interact with government departments.

How does GDPR affect cross-border employment?

Back to News

GDPR is an EU regulation that obliges organisations to protect personal data and privacy of EU citizens. On the surface, this important legislation may only seem relevant for businesses which operate within the EU, however, even if your business is based outside of the EU you might still need to ensure you’re compliant.

What is GDPR?

General Data Protection Regulation (GDPR) introduced new data protection responsibilities for any organisation that collects the personal data of EU residents. The legislation gives people new rights and more control over their information, including the right to withdraw consent and opt out of receiving communications.

The legislation, introduced in May 2018, applies to organisations that process EU resident’s data. This includes companies outside of the EU that offer goods or service to EU residents.

Fines for non-compliance are hefty; €20 million or 4% of global revenue - whichever is greater.

Why does it exist?

GDPR exists due to public concern over privacy and companies losing their data. It replaces the previous EU Data Protection Directive from 1995, a time before the internet and operating online. The old legislation didn’t address how data is stored, collected and transferred in today’s modern world, so change was necessary. Companies now need to consider whether the way they store personal data is compliant, ensuring there are sufficient measures to protect people’s information.

Studies have shown there is growing concern among the public over data breaches and hackers getting hold of their personal information, such as email addresses, passwords and bank account details. This means there is a rising need for businesses to monitor and protect people’s data in our increasingly digital world.

How does GDPR affect non-EU countries?

Companies that store or process personal information about EU citizens need to comply with the legislation, even if they do not have a physical presence in the EU.

If you are a business outside the EU, you need to be GDPR compliant if you process personal data by:

  • Offering goods or services to people in the EU and/or
  • Monitor the behaviour of these people as far as their behaviour takes place in the EU (e.g. you employ people in the EU)

If this sounds like your business, you need to seek advice and take immediate steps to become compliant. Contact us now to find out more.

My business is based in the USA: do I need to be compliant?

As mentioned above, just because your business is based outside the EU doesn’t mean you are safe from GDPR constraints.

If you employ staff in the EU but your base is in the USA, you still need to be compliant in how you collect your remote workers’ data, such as addresses, emails and credit card details.

What to do next

You can take steps to minimise the risks associated with GDPR by working with a Global Professional Employer Organisation Service (PEO) in the EU, like us.

At PEO Worldwide we provide full professional employer services to our clients. This means that we become the legal employer of record for your employees and consultants across the globe. As the legal employer, we are authorised to collect your remote employees’ personal information and ensure it is GDPR compliant.

We can help you to adhere to GDPR and other local employment regulations across the world, allowing you to expand your operations and maximise your service offering.

So, if you have EU citizens on your payroll get in touch with us today to see how we can help your business thrive, while remaining within EU legislation.

See more benefits of working with us here.

You are not logged in!

Please login or register to ask our experts a question.

Login now or register.