How effectively does the GDPR protect the data of EU employees in multinational companies?

Abstract

This master’s thesis examines the real-life challenges that international organizations face when implementing data protection policies. The focus is on the situation where European employees work for US companies. Against the backdrop of the abolition of the Privacy Shield mechanism because of the high-profile Schrems II decision, the paper analyzes the evolution of approaches to data transfer between the EU and the US and the formation of new legal solutions, such as the development of the EU-U.S. Data Privacy Framework. The study examines in detail key issues: compliance with GDPR requirements, the structure of legal mechanisms, ensuring data security and managing risks during data transfer. It is emphasized that in the modern environment, data protection is not only a matter of compliance with formal regulations, but also a strategic aspect that affects the reputation and sustainability of a business. The work is aimed at providing not just an overview of current legislation, but a practical analysis of how companies can adapt to the rapidly changing legal landscape, while maintaining a balance between efficiency, security and legal obligations. The study offers specific recommendations and guidelines for companies that seek not only to comply with the requirements of the law, but also to build a long-term system for protecting the personal data of their employees, while minimizing the administrative burden.