
Embrace HR Aylesbury GDPR-3-Months-On

It’s three months since the GDPR regulations were introduced – now is a great time to review your own situation and ensure that those responsible for HR in your organisation are complying with these regulations…

The GDPR regulations, which were introduced in May, govern how businesses – whatever their size – handle personal data; this includes information handed over during the recruitment process, as well as staff information, data garnered from marketing initiatives and so on.

According to the Information Commissioner, the new laws, along with some high-profile investigations, have been instrumental in bringing data protection and privacy to the core of the UK public’s consciousness:

Elizabeth Denham said: “This is an important time for privacy rights, with a new legal framework and increased public interest.

“Transparency and accountability must be paramount, otherwise it will be impossible to build trust in the way that personal information is obtained, used and shared online.”

Interestingly, in contrast, recent research from the Chartered Institute of Marketing [CIM: Public understanding of data protection down as GDPR arrives] suggests that public understanding of data protection had actually dropped following the introduction of GDPR, as had their trust in companies using their data responsibly, with 73% not trusting technology platforms such as Facebook and Twitter with their personal data.

So, three months in, do you understand your own responsibilities with regard to GDPR – are you happy that you are compliant, and that you can remain compliant with the regulations going forward?

If you need a reminder of how important this is: if you do not comply with the GDPR regulations, which aim to enhance data protection and the right to privacy for EU citizens, you could find yourself facing a fine of 20m Euro or 4% of the company’s turnover.

For HR staff, it means that company employees must opt in to their personal data being used – and be aware of what it will be used for. This also applies to those in the recruitment process.

It is easy enough to put into practice – a data privacy statement should be signed by each employee. However, you must remember that if you ever plan to use that information for a different purpose to the one outlined in the statement, you MUST get their express permission.

So, if you made sure this was done in time for May’s new regulations, now would be a good chance to revisit your statement and ensure that data is not likely to be used for any other purposes than those you listed last time.

If there are new additions – ensure you get a new statement produced, issued and signed.

Still not really sure where you stand with relation to the GDPR and data protection? We recommend this really useful tool for SMEs: the Data protection self-assessment toolkit from the Information Commissioner’s Office (ICO).

This toolkit will help you assess whether you are remaining compliant with GDPR, and what you need to do if not. The checklist is aimed at small and medium businesses.

At Embrace HR we know that managing people’s personal information is part and parcel of the HR process. We use HR software to easily keep data up to date and to manage what we need to keep and for how long. Software is a simple way to help comply in part with the GDPR. Take a look here for more information and to sign up for your free trial.

If you would like to discuss this subject further and how it may affect your business, please contact Cecily Lalloo at Embrace HR Limited.

T: 01296 761 288 or contact us here.

Based in Aylesbury, Buckinghamshire, Embrace HR Limited supports business owners who do not have their own HR department or those that do but need help from time to time. We also work across the Home Counties of Oxfordshire, Bedfordshire and Hertfordshire, and also SMEs based in London.

Why HR professionals need to ensure they are complying with the latest data protection regulations…

Time moves quickly, and now there are only three months until the General Data Protection Regulation (GDPR) deadline comes around on 25 May 2018. Guidance can be found here. [ICO website guide to the GDPR]

HR have always had to keep people’s personal data because of the nature of employing people, and this was regulated under the Data Protection Act. However, the issue of keeping people’s personal data has usually been something that the marketing department has had to deal with – hence all those tick boxes on competition entries and subscription forms.

What it means

Failure to comply with the GDPR regulations will result in large fines being levied on offending organisations, so it’s important that you get it right. Additionally, breaches must be reported to the ICO (Information Commissioner’s Office) within 72 hours of becoming aware of the breach.

The regulations require that when you collect data, you make the person aware of the legal basis on which you are doing so, how long it will be kept for and whether it will be stored outside of the country. Where this is the case you must detail how the data will be safeguarded. You also need to let them know how they can ask for access to the files you hold and the process for requesting that they be deleted.

It’s worth remembering that the regulations apply to data however it is held – it may be on a main server, it might be in a filing cabinet in the corner of a basement office – the same rules will apply.

Although all regulation implementations involve extra work, the benefit of this work will be that it will help your HR teams to look at the way they process personal data, sort out any gaps in their compliance, and help them to build a healthier relationship with employees. In the process you may also be able to work out where training is needed or identify previously unknown skills within your team.

Data retention

The regulations are aimed at protecting personal data as people become increasingly aware of, and concerned about, how their personal information is stored and shared online. Employers will have more obligations to their staff when it comes to data storage and there will be stricter rules on how long you can keep information for – for instance details that have been gleaned during a recruitment process.

When it comes to former employees there may well be some changes and they will have a right to be ‘forgotten’. That means that while a former employer might want to keep data in case of any backdated employment claims, the employee will have more rights for their details to not be kept by you.

HR departments have been dealing with large volumes of personal data for some time, so it makes sense that this team will become the go-to place for other departments seeking advice on what information to keep and share.

If you would like to discuss this subject further and how it may affect your business, please contact Cecily Lalloo at Embrace HR Limited.

T: 07767 308717 or contact us here.

 
