Welcome to our collection of law-now updates on the HR aspects of GDPR.
We appreciate that when it comes to GDPR compliance, it can seem like an overwhelming task. With that in mind we have broken this topic down into manageable – bitesize - sections, and provided a high-level and practical route map to compliance.
This series highlights the key changes for HR. It does not seek to cover issues like international data transfer, processing contracts or data privacy impact assessments, which will generally be picked up as part of an organisation’s wider GDPR planning. These are all areas we and our colleagues can assist with where they are relevant to your HR project.
While the GDPR introduces a new layer of obligations for HR teams, it builds on the existing data protection regime. Businesses should not therefore be starting from scratch, however there are important changes that need to be incorporated into systems, processes and approach.
Perhaps one of the most important changes is the cultural shift that the GDPR is seeking to achieve. In the digital economy that we now live in, the aim is to promote transparency and drive accountability. Employers need to move to a mind-set whereby they acknowledge they are the custodians of the data they hold, and recognise that employees - as data subjects – have a number of new rights reflecting this (going beyond although still including the vital right of subject access).
As we explain in this series, the first step for HR is a data audit – mapping out how your organisation processes personal data, why you do this and where potential compliance gaps might exist. An audit serves many purposes, and one of these is to feed the ‘privacy notice’ that will have to be issued to all employees and other workers. Many organisations are familiar with these for their customers, but have not issued them to their workforce (or at least not in any detail as will now be required). That approach needs to change.
Your action checklist should also include rethinking the basis of processing, as discussed in our update on moving away from consent, as well as revised subject access procedures and new policies on data protection and retention periods, to name but a few examples!
We can assist with all aspects of compliance, and would be delighted to discuss this with you.
Download PDF to find out more.
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.