Stay Protected with the GDPR

ICO GDPR

Why HR professionals need to ensure they are complying with the latest data protection regulations…

Time moves quickly, and now there is only three months until the General Data Protection Regulation (GDPR) deadline comes around on 25 May 2018. Guidance can be found here. [ICO website guide to the GDPR]

In the past, the issue of keeping people’s personal data has usually been something that the marketing department has had to deal with – hence all those tick boxes on competition entries and subscription forms. The HR department has had to comply with the Data Protection Act 1998 but it needs to put into place even more stringent measures.

What it means

Failure to comply with the GDPR regulations will result in large fines being levied on offending organisations, so it’s important that you get it right.  Additionally, breaches must be reported to the ICO (Information Commissioners Office) within 72 hours of becoming aware of the breach.

The regulations require that when you collect data, you make the person aware of under what legal basis you are doing so, how long it will be kept for and whether it will be stored outside of the country. Where this is the case you must detail how the data will be safeguarded. You also need to let them know how they can ask for access to the files you hold and the process for requesting that they be deleted.

It’s worth remembering that the regulations apply to data however it is held – it may be on a main server, it might be in a filing cabinet in the corner of a basement office – the same rules will apply.

Although all regulation implementations involve extra work, the benefit of this work will be that it will help your HR teams to look at the way they process personal data, sort out any gaps in their compliance, and help them to build a healthier relationship with employees. In the process you may also be able to work out where training is needed or identify previously unknown skills within your team.

Data retention

The regulations are aimed at protecting personal data as people become increasingly aware of, and concerned about, how their personal information is stored and shared online. Employers will have more obligations to their staff when it comes to data storage and there will be stricter rules on how long you can keep information for – for instance details that have been gleaned during a recruitment process.

When it comes to former employees there may well be some changes and they will have a right to be ‘forgotten’. That means that while a former employer might want to keep data in case of any backdated employment claims, the employee will have more rights for their details to not be kept by you.

HR departments have been dealing with large volumes of personal date for some time, so it makes sense that this team will become the go-to place for other departments to come to for advice on what information to keep and share.

If you would like to discuss this subject further and how it may affect your business, please contact Cecily Lalloo at Embrace HR Limited.

T: 07767 308717 or contact us here.

 

Based in Aylesbury, Buckinghamshire, Embrace HR Limited supports business owners who do not have their own HR department or those that do but need help from time to time. We also work across the Home Counties of Oxfordshire, Bedfordshire and Hertfordshire, and also SMEs based in London.