cancel
Showing results for 
Search instead for 
Did you mean: 

How is Deel supporting remote work in EU when it comes to GDPR regulations?

zishan
Weekender

A lot of businesses in the EU consider legal implications of GDPR when hiring remote workers outside Europe. This will (or maybe it already does) affect decision making when hiring remote talent from countries such as Pakistan. Is Deel taking some initiative to ease this?

2 REPLIES 2

daryldy
Deel Team

Hi @zishan ,

 

First of all, this is an excellent question and one I'm happy to answer for you. Right now, Deel allows clients to generate Data Processing Agreements or DPAs. The DPA document ensures that the third party, such as remote workers anywhere in the world, will guarantee information security when processing personal data, prevent any security incidents, and comply with all the applicable data protection laws especially for those under the GDPR. This creates protective safeguards for both clients, Deel, and remote workers. Right now, companies who use Deel are easily able to generate these DPAs on the platform with the same ease of use as any of our other HR services. More information can be found through this link. Let me know if you need more information on this. 🙂 

Best,

Daryl

CassyL
Administrator
Administrator

Hi @zishan

Adding to the answer @daryldy provided already regarding this topic, I also wanted to share some additional context for Contractors specifically. 

Under our Contractor services, Deel and the Contractor are separate independent Controllers for personal data processed as part of Deel's processing operations. These include:

  • storage and other processing necessary to provide, maintain and update the Services provided to the Contractor 
  • the provision of technical support to the Contractor
  • disclosures in accordance with the Agreement, as compelled by law

Deel and the Contractor may put in place a Data Processing Addendum (DPA), as Daryl mentioned earlier, which sets out Deel's data protection obligations in relation to the Contractor. The DPA sets out the arrangement between independent controllers, the technical and organizational measures, safeguards for cross-border transfers, the categories of personal data processed and the purposes of processing. 

This DPA only covers the relationship between Deel and the Contractor and not the Contractor and the Client. It's important to note that Deel is a neither a Controller nor Processor of the data the Worker may come in contact within their daily activities.

In the Master Service Agreement (MSA) between Deel and the Client, Clients set out the scope of work for the worker (employee or contractors). This scope of work outlines the daily tasks of the worker. 

Once Deel has connected workers to the Client, workers may process personal data of the Client, like that of Client's employees, customers, suppliers, and other client data. Deel is not a party to this processing, as Deel does not process personal data on the Controller's (Client) behalf, and has no knowledge and no decisive power over what data, for what purposes and by what means will be processed by the worker in the course of their daily activities under the scope of work. Deel also does not have any access to the Clients systems nor is there any personal data exchange between them in relation to the scope of work. For these reasons, Deel is neither a Controller nor a Processor to this processing.

Deel does recommend that if businesses (Clients) are hiring remote talent, but have GDPR and other compliance concerns, we encourage Clients to sign an NDA or Confidentiality Agreement with the workers in order to protect the personal data on their systems. For EU clients who want to hire outside the EU, we also suggest putting in place measures to ensure the secure transfer of personal data overseas (i.e. choose the appropriate data transfer mechanism, perform a transfer impact assessment etc.). 

Deel is not responsible for any security measures relating to the Client's systems.  

I hope this additional information eases any concerns on GDPR compliance and regulations. 
Thanks so much for being a part of the Deel Community, and for sharing this question! 
-Cassy

p.s. for further reading, please check out the Deel Data Processing Addendum here, and Deel's Privacy Policy here.