This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Deel Community
- Ask the Community
- About Compliance & Tax
- How is Deel supporting remote work in EU when it c...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
How is Deel supporting remote work in EU when it comes to GDPR regulations?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
June 03, 2023 07:34 AM
A lot of businesses in the EU consider legal implications of GDPR when hiring remote workers outside Europe. This will (or maybe it already does) affect decision making when hiring remote talent from countries such as Pakistan. Is Deel taking some initiative to ease this?
Labels:
- Labels:
-
Deel
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
June 06, 2023 12:46 AM
Hi @zishan ,
First of all, this is an excellent question and one I'm happy to answer for you. Right now, Deel allows clients to generate Data Processing Agreements or DPAs. The DPA document ensures that the third party, such as remote workers anywhere in the world, will guarantee information security when processing personal data, prevent any security incidents, and comply with all the applicable data protection laws especially for those under the GDPR. This creates protective safeguards for both clients, Deel, and remote workers. Right now, companies who use Deel are easily able to generate these DPAs on the platform with the same ease of use as any of our other HR services. More information can be found through this link. Let me know if you need more information on this. 🙂
Best,
Daryl
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
June 12, 2023 02:18 PM - edited June 12, 2023 02:20 PM
Hi @zishan,
Adding to the answer @daryldy provided already regarding this topic, I also wanted to share some additional context for Contractors specifically.
Under our Contractor services, Deel and the Contractor are separate independent Controllers for personal data processed as part of Deel's processing operations. These include:
- storage and other processing necessary to provide, maintain and update the Services provided to the Contractor
- the provision of technical support to the Contractor
- disclosures in accordance with the Agreement, as compelled by law
Deel and the Contractor may put in place a Data Processing Addendum (DPA), as Daryl mentioned earlier, which sets out Deel's data protection obligations in relation to the Contractor. The DPA sets out the arrangement between independent controllers, the technical and organizational measures, safeguards for cross-border transfers, the categories of personal data processed and the purposes of processing.
This DPA only covers the relationship between Deel and the Contractor and not the Contractor and the Client. It's important to note that Deel is a neither a Controller nor Processor of the data the Worker may come in contact within their daily activities.
In the Master Service Agreement (MSA) between Deel and the Client, Clients set out the scope of work for the worker (employee or contractors). This scope of work outlines the daily tasks of the worker.
Once Deel has connected workers to the Client, workers may process personal data of the Client, like that of Client's employees, customers, suppliers, and other client data. Deel is not a party to this processing, as Deel does not process personal data on the Controller's (Client) behalf, and has no knowledge and no decisive power over what data, for what purposes and by what means will be processed by the worker in the course of their daily activities under the scope of work. Deel also does not have any access to the Clients systems nor is there any personal data exchange between them in relation to the scope of work. For these reasons, Deel is neither a Controller nor a Processor to this processing.
Deel does recommend that if businesses (Clients) are hiring remote talent, but have GDPR and other compliance concerns, we encourage Clients to sign an NDA or Confidentiality Agreement with the workers in order to protect the personal data on their systems. For EU clients who want to hire outside the EU, we also suggest putting in place measures to ensure the secure transfer of personal data overseas (i.e. choose the appropriate data transfer mechanism, perform a transfer impact assessment etc.).
Deel is not responsible for any security measures relating to the Client's systems.
I hope this additional information eases any concerns on GDPR compliance and regulations.
Thanks so much for being a part of the Deel Community, and for sharing this question!
-Cassy
p.s. for further reading, please check out the Deel Data Processing Addendum here, and Deel's Privacy Policy here.
