The sole purpose of this article is in no way to give legal advice or come across as experts on the GDPR policy. The purpose of this article is to bring awareness and to promote more interest and conversation on this topic for the HR Professionals. Having spoken to our clients it appears that many are not aware of the dates, penalties or even have heard of the policy. It does, however, matter. We urge HR professionals to do further research and communicate with the right people within their own business to make sure they know how to prepare from an HR point of view. It is a big deal! Data protection is a crucial part of effective HR Administration as it holds personal information which should be stored safely and accurately. The whole and sole purpose of GDPR is to strengthen human rights and protection of personal data and privacy, hence it directly increases obligations on the business. This is the biggest change in privacy law in the past 20-30 years, moreover it carries high penalties for noncompliance.
HR Professionals must be aware that they will be getting involved in this change, even if outsourcing or offshoring.
The Government has confirmed that the EU’s General Data Protection Regulation 2016 will affect the UK. The regulation comes into effect on May 25th, 2018. Therefore, since the UK does not officially leave the EU until March 29th, 2019, at this point, it will still be subject to EU law.
Some of the basics we have gathered:
1. First and foremost, HR must make sure they are aware of dates when the GDPR comes into effect and must be aware of the penalties involved for non-compliance.
2. HR must be aware of the data controllers and data protection officers who will be monitoring and implementing these changes within the business
3. HR will be involved in reviewing and auditing its procedures and processes to make sure they are ready to apply changes where needed
4. Employees gain enhanced rights over the use and retention of their data. It is important to ensure that the employee has clearly expressed consent for their data to be used. This can either be a clause in the employment contract or a separate form.
5. Employee’s or potential employees have the right to delete, rectify their data therefore HR must ensure their system/software is able to delete data completely once requested
6. Clear policies and regulations are specifically important during recruitment, and the HR has to ensure that any pre-employment checks are not kept on the system longer than needed
7. HR will need to be aware whether there is a system in place which notifies of any data breaches and work closely with the data protection officer to report it
These are just some of the basic examples of the changes to come in to place.
Again, the main purpose of this article is to highlight the importance of new GDPR regulations and how it will affect the HR department.
Most importantly if you have not heard of GDPR before, do some research and communicate with the relevant person in your business who can highlight exactly what will be done, what you can do to help and how it will affect the ways you work and how employee’s data is currently stored.
Comments