Blog

Data protection issues have an impact on most HR activities, from handling recruitment and employer references to employee record-keeping and performance monitoring.

It is therefore important, whether you are an employer or not, to stop your eyes from glazing over. Instead, ensure that you have a sound knowledge of data protection principles and law, understand how to manage data responsibly, and keep up-to-date with new legal requirements. Keep reading for GDP regulation which is due to come into force on 25 May 2018 and will enhance data protection laws, creating new responsibilities for those who hold personal data.


 

Organisations that ignore their legal obligations will risk reputational damage, potential prosecution in the courts, and also penalties for breaches that could be up to 4% of an organisation's annual turnover or 20 million Euros, whichever is greater!

If you are an employer, you need to start thinking about the implications now in order to be fully compliant. Even though the UK is scheduled to leave the EU 9 months after the regulation comes into force, UK businesses still need to prepare for compliance. The GDPR will not only affect EU-based organisations, but many data controllers and processors outside the EU as well, according to Gartner in a press release on 3rd of May this year.

The GDPR replaces the Data Protection Directive 95/46/EC, and is designed to support the single market, harmonise data privacy laws across Europe, protect and empower European Union citizens' data privacy, and reshape the way organisations approach data privacy for EU citizens wherever they work in the world. 


 

As an employer, the sort of information covered by data protection at work is detailed by the ICO in their Employment Practices Code, which I would recommend you follow carefully with regards to:

• Recruitment and selection
• Employment records
• Monitoring at work
• Information about workers' health

• Appoint a data protection officer to be in charge of all aspects of information, including compliance with Data Protection Act 1998 and Freedom of Information Act for public authorities;
• Audit information systems to find out who holds what data, and why;
• Consider why information is collected and how it is used, and issue guidelines for managers about how to gather, store and retrieve data;
• Ensure that all information collected complies with the DPA;
• Check the security of the information stored;
• Check the transfer of data outside EEA;
• Check the organisation's use of automated decision making;
• Review policy and practice in respect of references;
• Review or introduce a policy for the private use of telephones, email and post;

Therefore, Realise that you need to be considering the upcoming changes;
Aspire to follow the above action plan; and
Do act now to prepare for the GDPR, which come into force in May 2018.

CONTACT NOW for GDPR and HR Support