Complying with the New GDPR Regs
Over the past year, rapid and frequent changes in immigration policies and processes have become the norm in the U.S. and elsewhere, creating turbulent times for employers and their foreign national employees. Though navigating these choppy waters can be a challenge, workarounds and solutions do exist. Here are a few steps HR leaders can take to ensure compliance and some alternative approaches to visa applications.
Unless you’ve been living on another planet, you probably know that the European Union’s Global Data Protection Regulation is now upon us. Though not limited to immigration alone, it’s expected to have a significant impact on the process.
Designed to protect personal data used for business purposes in the EU, GDPR requires any organization in any location worldwide to adhere to specific rules when processing (i.e., collecting, using, storing, sharing, or deleting) any personal data related to any EU activities.
With regard to immigration, compliance with the regulation means that whenever an individual’s personal data must be collected for anything related to EU business activities (which may be fairly often in some instances), an organization must obtain formal consent from that person for specific processes: data collection and use, the conditions under which data may be disclosed to their-party providers, and how it’s kept secure.
Individuals whose data is impacted must also be advised that they have certain rights, including the right to request their data that an organization is storing, to ask that it be deleted, and/or to ask that it be moved to another organization or system.
Any third-party providers involved in the process, such as in-country immigration attorneys, must also be advised on GDPR’s requirements and must comply.
Noncompliance can result in stiff financial penalties: up to 20 million EUR or four percent of an organization’s global annual revenue. Though consequences for initial and/or minor violations would most likely be less severe, it’s possible that many companies could at some point be penalized. According to the results of a Crowd Research survey released last month, only 40 percent of organizations polled are either GDPR compliant or close to it.
However, even if an organization isn’t ready when GDPR goes into effect, measures can be taken to mitigate risk.
Another headache more specifically related to immigration is global business travel, which, as of late, has been increasingly scrutinized. New technologies and better record keeping now enable immigration authorities to monitor travelers on business visas more closely, and more easily identify violations. These include overuse of business visas (too many trips), overstaying (too many days) and traveling on the wrong visa.
Like GDPR violations, these, too, can result in fines, as well as other penalties, for both employees and their employers. The latter can include deportation, reputational risk, involuntary closure of business operations within a jurisdiction, “blacklisting” (inability to secure visas for foreign national employees in the future), and even, in some instances, prison time.
Organizations that want to avoid these consequences can do so by familiarizing themselves with the types of violations that are possible and the steps required to ensure compliance.
Requests for Evidence are yet another pain point that many involved in the U.S. immigration process are most likely now experiencing. Over the past two years there has been a significant increase in these, with the figure currently at an eight-year high. Many more applicants have also been denied visas or received a Notice of Intent to Deny (NOID) from the U.S. Citizenship and Immigration Services, which indicates that a denial is imminent.
One of the most common visa types, the H1-B, is being denied more often based on judgement calls by the adjudicating officer, even though the criteria for determining if an applicant qualifies is very specific (“theoretical and practical application of a body of highly specialized knowledge”).