GDPR – three-month review
It’s three months since the GDPR regulations were introduced – now is a great time to review your own situation and ensure that those responsible for HR in your organisation are complying with these regulations…
The GDPR regulations, which were introduced in May, govern how businesses – whatever their size – handle personal data; this includes information handed over during the recruitment process, as well as staff information, data garnered from marketing initiatives and so on.
According to the Information Commissioner, the new laws, along with some high-profile investigations, have been instrumental in bringing data protection and privacy to the core of the UK public’s consciousness:
Elizabeth Denham said: “This is an important time for privacy rights, with a new legal framework and increased public interest.
“Transparency and accountability must be paramount, otherwise it will be impossible to build trust in the way that personal information is obtained, used and shared online.”
Interestingly, in contrast, recent research from the Chartered Institute of Marketing [CIM: Public understanding of data protection down as GDPR arrives] suggests that public understanding of data protection had actually dropped following the introduction of GDPR, as had their trust in companies using their data responsibly, with 73% not trusting technology platforms such as Facebook and Twitter with their personal data.
So, three months in, do you understand your own responsibilities with regard to GDPR – are you happy that you are compliant, and that you can remain compliant with the regulations going forward?
If you need a reminder about how important this is, if you do not comply with the GDPR regulations, which aim to enhance data protection and the right to privacy for EU citizens, you could find yourself facing a fine of 20m Euro or 4% of the company’s turnover.
For HR staff, it means that company employees must opt in to their personal data being used – and be aware of what it will be used for. This also applies to those in the recruitment process.
It is easy enough to put into practice – a data privacy statement should be signed by each employee – however you must remember that if you ever plan to use that information for a different purpose to the one outlined in the statement – you MUST get their express permission.
So, if you made sure this was done in time for May’s new regulations, now would be a good chance to revisit your statement and ensure that data is not likely to be used for any other purposes than those you listed last time.
If there are new additions – ensure you get a new statement produced, issued and signed.
Still not really sure where you stand with relation to the GDPR and data protection? We recommend this really useful tool for SMEs - Data protection self-assessment toolkit from the Information Commissioner’s office (ICO).
This toolkit will help you assess whether you are remaining compliant with GDPR, and what you need to do if not. The checklist is aimed at small and medium businesses.
At Embrace HR we know that managing people’s personal information is part and parcel of the HR process. We use HR software to easily keep data up to date and to manage what we need to keep and for how long. Software is a simple way to help comply in part with the GDPR. Take a look here for more information and to sign up for your free trial.
If you would like to discuss this subject further and how it may affect your business, please contact Cecily Lalloo at Embrace HR Limited.
T: 01296 761 288 or contact us here.
Based in Aylesbury, Buckinghamshire, Embrace HR Limited supports business owners who do not have their own HR department or those that do but need help from time to time. We also work across the Home Counties of Oxfordshire, Bedfordshire and Hertfordshire, and also SMEs based in London.