GDPR come into force on 25 May 2018
The General Data Protection Regulations (GDPR) will come into force on 25th May 2018. This will supersede the Data Protection Act and will directly impact the UK, even after the UK’s exit from the EU.There will be a range of implications to the way you manage your business, not least in the way you manage your people. It’s important, if you haven’t already, to audit your HR policies and procedures to determine what changes need to be made in your people processes.
If you’ve got existing IT infrastructure in place you need to be reviewing it and ensuring it is fit for purpose in this new regulatory environment. This is particularly important as the fine for non-compliance ranges up to €20 million or 4% of a company’s annual turnover, whichever is greater.
- The person responsible for how data is processed (legally to be known as the Data Controller) will have to provide much more information about how data is being used
- Companies will need to acquire explicit consent to process data
- Data Protection Officers need to be appointed by organisations if they process personal data on any notable scale (if you’ve got a lot of staff members, this means you too)
If you’ve got staff members these regulations will impact you in several different ways. You will have to be careful about how you store the data during the recruitment process, through the course of employment and when contracts are concluded.
This means that employers will have to take many more steps than they would have done to ensure employees have expressly given their consent to the use of their data. The operative word here is express. Whereas previously a clause in the contract of employment would have been enough, now you should have a separate form by which they opt-in.
It’s probably not enough to just review your data protection policies, because once they’ve been updated, they need to be communicated to all staff members. It’s a good idea to update your equal opportunities policies as well. As you will now only be able to store personal information for as long as required. This means you will only be able to store certain personal information for the duration of pre-selection checks. Also, be aware that if you use any kind of automation in your selection process you will need added focus as employees cannot be solely assessed by automated systems.
The regulations are very prescriptive when it comes to “fair processing notices” and employees need to be informed of their right to refuse the processing of their personal information. In the past employees have had to pay a fee to access their data, however, it must now be freely available to them and you should make sure that you clearly signpost how they can get access to this data. When it comes to HR software, not only must it allow candidates and staff members to access data, but businesses will also need to be clear that their HR software and other data systems will enable them to delete their data, thus ensuring they are compliant with the data subjects new “Right to be Forgotten”.
If you haven’t started to think about how your people management processes will be impacted by this change of regulations, now is probably time to give it your attention. Being proactive in this area will go a long way to overcome any potential issues down the line. After all, any mistakes with the security of personal employee data could be both costly and detrimental to your business.
Are you worried about legislation changes such as GDPR and the potential implications on your business? If you could do with some help, WINC consultants really shine in employment arenas. We pride ourselves on being our clients’ most valuable partner in the attraction, retention and engagement of their current and future staff members. We offer quality end-to-end strategies and solutions including resource managment, hr operations and change communications within the employment space. Find out more about what we’re up to on the WINC website – and keep up-to-date with our latest news& views on Facebook, LinkedIn and Twitter.
About Karl Wood: Karl is a global HR and employment professional who has an impeccable record in delivering HR solutions for industry leading firms. Karl champions ideas that promote growth, profit and a positive organisational identity. Read more blogs by Karl.