GDPR and HR
By now most people have heard of GDPR (General Data Protection Act). Some will have an idea of what impact this will have on their business, but what about the impact of GDPR on HR?
Because the legislation is not due to be introduced till 25th May 2018, no one is 100% sure what the actual impact of GDPR will be. It’s surprising, therefore, how many ‘specialists’ are offering to ensure you are GDPR compliant before we really know what compliance actually means.
I personally have attended a number of seminars and read a variety of interesting articles (one ironically required me to opt in before I could see the article) about GDPR and whilst some have been focused on the negative side of things such as the increase in fines, there are many that see it as a positive. GDPR is an excellent opportunity to review and cleanse the data you hold about your employees whilst also looking at ways to make your processes more efficient when managing employee information.
Whilst we don’t confess to being GDPR experts, we have put together a list of the top things that we think will help prepare you for 25th May 2018.
1. Don’t Panic.
Yes, 25th May is approaching fast, but there’s every chance you are almost already prepared, as much of the GDPR legislation is in many ways very similar to the previous Data Protection Act. Just some fine tuning may be required.
This is a worthwhile exercise irrespective of GDPR and probably one that’s long overdue. The first thing to look at is what data you have, where you keep it and who can access it. Equally important is to take a look at your procedures for processing your employee data. Ask yourself:
- What information do you hold for your employees, and is it all up to date and accurate?
- Is all of the information you store really necessary?
- Where is the information stored and is it really secure?
- Who can access it and do they really need to have access?
- What policies and procedures do you have in place and do they need updating?
- Do you need to update your Contracts of Employment for GDPR?
This is a great opportunity to get on top of your employee data. Clear out anything that isn’t needed and tidy up what is. Also look at updating your procedures and even look at implementing a system to help store and manage your data more securely.
Documenting your data processing activities is very sensible. Documentation needs to include processing purposes, data sharing and retention amongst other things and needs to be kept up to date. Good documentation can help you comply with other aspects of GDPR and with how you generally manage data.
Clearly communicate to your employees what information you record about them, how this is used, why it is required by the company and who has access to it. This is a key part of gaining consent, which is an important part of GDPR. The consent itself has to be clear and concise, and evidence of how the consent was gained needs to be kept.
Not only does this help towards your GDPR compliance but it also can be used to build your relationship with your employees by building trust.
GDPR obviously has wider implications for an organisation than just within the HR department. Most organisations record a wide range of information relating to people whether it be existing customers or a prospect list for sales activity.
Educating employees on how customer data is to be processed will be essential, not only to ensure your company is doing all it can to be GDPR compliant but also to help keep them informed on the risks and preventive measures relating to Cyber Security (see our Cyber Security article).
agathonhr are providers of comprehensive yet affordable HR Software systems, not GDPR experts, so our opinions in this article are based on a simplistic common sense approach to GDPR. More in-depth information about GDPR compliance can be found on the Information Commissioner’s Office (ICO) Website.