Call us on
0161 941 2426
The General Data Protection Regulation (GDPR) takes effect on 25th May 2018. This new regulation intends to strengthen and unify data protection for all individuals within the EU. All organisations who hold data will be required to adhere to strict procedures and meet standards relating to the information they hold.
Complying with the GDPR rules is not only mandatory but it will gain the trust of your workforce and customers.
So, how do you make sure your data collection practices don’t break the law?
For some, just hearing the acronym GDPR can send their pulse raising and give them butterflies. But the more research and preparation an organisation can do to understand its impacts the better. Ensuring your databases are in order should be a priority to reduce the risk of breaches.
Appoint a Data Protection Officer
It’s good practice to appoint a Data Protection Officer (DPO) within your organisation even if your company does not fall into the category deeming this role a necessity. This key player can dedicate time to understand the changes coming into force and oversee your strategies and compliance programmes. It is important that your DPO delivers training to keep the rest of your workforce informed of what is expected of them.
Create an Accurate Inventory
It’s advisable to build and maintain a detailed database of all the personal data you hold. It is also critical you know the answers to these questions about the information you hold:
Clear policies and procedures on handling, storing and processing this data must be put in place to ensure your company remains compliant.
Understand Transparent Privacy Rights
The GDPR respects the rights of individuals, these include the right to rectify or erase inaccurate or incomplete data and the right to request a copy of the information held on them.
Following a request your organisation must action within 30 days. Even more reason to keep an up to date and accurate database.
Review Key Documents
The key documents that employers should review as part of the GDPR compliance include: data protection policy, policies that involve the processing of HR-related personal data, policies on “bring your own device”, recruitment, equal opportunities.
Review Privacy Notices
Before the regulation is introduced, your organisation will need to review its privacy notices and clauses to reflect any changes you need to make. Customers have a right to understand how the information you hold on them will be used.
Gain Explicit Consent
Consent must be explicitly sought by organisations wanting to legitimate the use of sensitive data. The consent given must be obtained in a way that leaves no room for misinterpretation and must be as easy to withdraw as to give.
Research Child Consent Policies
The GDPR brings in new rules to the consent requirements and rights of children. The default age at which someone is no longer considered a child is 16, but the Regulation allows member states to adjust that limit to anywhere between 13 and 16.
Implement a Privacy-By-Design Approach
Under the new GDPR, Data Protection Impact Assessments (DPIA) will become a requirement prior to undertaking new projects. Following this rule, businesses will be able to see how changes can affect individual’s privacy.
The data breach notification requirement is one of the biggest challenges that the GDPR presents to businesses. A detailed account of the breach must be reported within 72 hours of discovery to your Supervisory Authority (SA). It is crucial that a policy and procedure has been put in place to include who your SA is.
All breaches should be recorded together with the steps put in place to prevent similar incidents happening again.
Review Contracts with any External Suppliers
If you use third parties to process personal data on your behalf (i.e. Payroll, HR), all contracts with such third parties should be reviewed for compliance with data processing requirements in advance of 25 May 2018, and amendments negotiated if they are not compliant.
Our final piece of advice! There is a lot to be done to ensure your company is ready but if you keep a clear, accurate and detailed database you’ll be in great shape.
Our simple to use automated HR data management system not only eases the flow of data and documents, generates reports and sets permissions; it eliminates the butterflies in your stomach too!
“P3PM helped us to find a [360 degree feedback] tool which responded to our need for detailed and actionable feedback for senior staff within the business. They ensured that we were supported throughout the process. The outcomes have been tangible, with colleagues identifying clear areas for development which have been actioned and realised positive results. The process also helped us to understand the balance of skills and behavioural competencies within the senior team and tailor recruitment and development to move towards the balance we want to have. ”
We start 2020 with some certainties. We know Boris Johnson won the election and that his party will ‘Get Brexit done’ at the end of the month. However, many questions remain unanswered;
What words pop into your head as being the most significant for 2019? Obviously ‘Brexit’ will feature high up on that list. Perhaps ‘change’, ‘unrest’ and ‘rethink’ come to mind too. Last year;
Get the latest updates from P3 and great advice on how your HR can be improved.