HR and GDPR a post May2018 a review of the basics
HR departments play a huge part in making sure that companies are compliant with new GDPR rules, meaning that they are avoiding thousands of pounds of fines for their business.
However, since the law was introduced, there have been a huge number of complaints to regulators – an increase of 160% from the same point in the previous year.
For companies who are not yet compliant with regulations, there is a serious risk of a fine. If you are working in HR then this could cause some pressure for you, as much of what is needed falls on your shoulders.
Amongst the challenges that are faced is ensuring that consent has been received for data to be stored and collected. An assumed consent is no longer enough, and this is something that companies need to get up to date with.
There are a number of things that companies still need to get in line with, which are outlined below.
• Recruitment. All candidates should be given notification of what their data will be used for. Only necessary data should be collected.
• Access to information. It should be ensured that only authorised individuals have access to any information that is being stored.
• Retention of data. It is vital that any data that is no longer needed is disposed of, and not kept on file for longer than is essential.
• Working with third parties. If you work with third parties as a part of your business, you will need to make sure that they are all compliant with GDPR policy, as there could be issues if not.
One thing that your company could do is to hire a data protection officer. Although this is a role that wouldn’t have been needed in the past, with so much change when it comes to data gathering and storage, it makes sense to make this the sole focus of one employee.
To make sure that all data is handled sensitively, discussions need to be open and honest across the whole company. This way, HR departments can ensure that their companies are compliant, giving them the best chance of avoiding fines.