
HR Tips for GDPR Compliance

Posted On: 07/03/2018

The General Data Protection Regulation (GDPR) takes effect on 25th May 2018. The regulation is intended to strengthen and unify data protection for all individuals within the EU. Every organisation that holds personal data will be required to follow strict procedures and meet defined standards for the information it holds.

Complying with the GDPR is mandatory, but it also earns the trust of your workforce and customers.

So, how do you make sure your data collection practices don’t break the law?

Be Prepared

For some, just hearing the acronym GDPR can send their pulse racing and give them butterflies. But the more research and preparation an organisation does to understand the regulation's impact, the better. Getting your databases in order should be a priority, since knowing exactly what personal data you hold and where it sits reduces the risk of a breach.

Appoint a Data Protection Officer

It’s good practice to appoint a Data Protection Officer (DPO) within your organisation even if your company does not fall into the categories for which the role is mandatory (public authorities, and organisations whose core activities involve large-scale monitoring of individuals or large-scale processing of special category data). This key player can dedicate time to understanding the changes coming into force and oversee your compliance programme. It is important that your DPO delivers training to keep the rest of your workforce informed of what is expected of them.

Create an Accurate Inventory

It’s advisable to build and maintain a detailed inventory of all the personal data you hold. It is also critical that you know the answers to these questions about each category of information:

  1. Why are you holding it, and on which lawful basis?
  2. How did you acquire it?
  3. How long do you need to hold it, and when will it be deleted?
  4. Do you share it with third parties? If so, with whom and why?
  5. Where is the data held and how is it protected? Consider encryption at rest and in transit, and who has access to it.

Clear policies and procedures on handling, storing and processing this data must be put in place to ensure your company remains compliant.

Understand Transparent Privacy Rights

The GDPR strengthens the rights of individuals. These include the right to have inaccurate or incomplete data rectified, the right to have data erased in certain circumstances, and the right to request a copy of the information held on them (a subject access request).

Following a request, your organisation must respond without undue delay and in any event within one month; this can be extended by a further two months only where requests are complex or numerous, and you must tell the individual why. Even more reason to keep an up-to-date and accurate database.

Review Key Documents

The key documents that employers should review as part of GDPR compliance include: the data protection policy, any policy that involves processing HR-related personal data, the “bring your own device” policy, and the recruitment and equal opportunities policies.

Review Privacy Notices

Before the regulation takes effect, your organisation will need to review its privacy notices and contractual clauses to reflect any changes you make. Customers and employees have a right to understand how the information you hold on them will be used, for how long it will be kept, and with whom it will be shared.

Gain Explicit Consent

Where consent is the lawful basis for processing, it must be freely given, specific, informed and unambiguous; for special category (sensitive) data, it must be explicit. Consent cannot be inferred from silence or pre-ticked boxes, and it must be as easy to withdraw as it was to give. Note that employers often cannot rely on consent at all for HR data, because the imbalance of power means it is unlikely to be freely given; another lawful basis (such as contract or legal obligation) is usually more appropriate.

Research Child Consent Policies

The GDPR brings in new rules on the consent requirements and rights of children in relation to online services. The default age at which a child can give their own consent is 16, but the Regulation allows member states to lower that limit to anywhere between 13 and 16.

Implement a Privacy-By-Design Approach

Under the GDPR, a Data Protection Impact Assessment (DPIA) is required before starting any new processing that is likely to result in a high risk to individuals, for example large-scale monitoring of employees or processing of special category data. Carrying out a DPIA lets a business see how a proposed change will affect individuals' privacy before it is implemented, and build in safeguards from the outset.

Data Breaches

The data breach notification requirement is one of the biggest challenges that the GDPR presents to businesses. Where a breach is likely to result in a risk to individuals' rights and freedoms, it must be reported to your Supervisory Authority (SA), the ICO in the UK, within 72 hours of becoming aware of it; where the risk is high, the affected individuals must also be informed without undue delay. If you cannot gather the full details within 72 hours, report what you know and supply the rest in phases. It is crucial that a policy and procedure is in place that states who your SA is, who inside the organisation decides whether to report, and how the 72-hour clock is tracked.

All breaches should be recorded, whether or not they are reportable, together with the facts, their effects and the steps taken to prevent similar incidents happening again.

Review Contracts with any External Suppliers

If you use third parties to process personal data on your behalf (e.g. payroll or HR providers), all contracts with those processors should be reviewed for compliance with the data processing requirements in advance of 25 May 2018, and amendments negotiated where they fall short. The regulation requires the contract to set out, among other things, what the processor may do with the data, the security measures it must apply, and its duty to notify you of breaches and to help you respond to subject access requests.

Don’t Panic

Our final piece of advice! There is a lot to be done to ensure your company is ready, but if you keep a clear, accurate and detailed record of the personal data you hold, you’ll be in great shape.

Our simple-to-use automated HR data management system not only eases the flow of data and documents, generates reports and sets access permissions; it eliminates the butterflies in your stomach too!
