Stuart M. Gerson, Member of the Firm in the Litigation and Health Care & Life Sciences practices, in the firm’s Washington, DC, and New York offices, was quoted in Corporate Counsel, in “How to Handle EU Employee Data Under the New General Data Protection Regulation,” by Dan Clark. (Read the full version – subscription required.)
Following is an excerpt:
Studies show that many companies are still scrambling to come into compliance with the European Union’s General Data Protection Regulation, which goes into effect May 25.
In the midst of the rush toward compliance, some of these companies and their legal departments will have to focus not just on how to change the way they handle customer data, but on how to handle data pertaining to their own employees as well. …
Stuart M. Gerson, an attorney at Epstein Becker & Green in Washington, D.C., said that under the GDPR, “personal data must be kept no longer than necessary.”
“This, of course, is a vague statement, but it implies that there is a time when no ancillary use of employment data will be required. Retention of employment records involves a balancing between data protection interests and employment legislative and regulatory requirements,” Gerson said.
He added there is likely a disconnect “between the EU presumption that privacy is a paramount interest suggesting deletion as early as possible, and the U.S. presumption that, especially if litigation is threatened, records should be kept indefinitely.”