An Employer’s Guide to GDPR part one
Keeping HR Simple have teamed up with Data Protection Specialist Simon Hinks. Simon works closely with businesses and charities on data protection, compliance and data auditing, helping them to understand their GDPR/DPA gaps. His hot topics include GDPR compliance and data audits, communication audits and customer journey audits.
We asked Simon to talk to us about the big picture of GDPR and what that means from an HR point of view.
The big picture
The new General Data Protection Regulation, which comes into force on 25th May 2018, expects you to put in place comprehensive but proportionate governance measures. Ultimately, these measures should minimise the risk of breaches and uphold the protection of personal data. Practically, this is likely to mean more policies and procedures for organisations, especially for HR.
How can I demonstrate that I comply?
You must implement appropriate technical and organisational measures that ensure and demonstrate that you comply.
This may include:
- internal data protection policies such as staff training;
- internal audits of processing activities;
- reviews of internal HR policies.
You must maintain relevant documentation on processing activities; where appropriate, appoint a Data Protection Officer; and implement measures that meet the principles of data protection by design and data protection by default. Measures could include:
- data minimisation;
- allowing individuals to monitor processing;
- creating and improving security features on an ongoing basis;
- using data protection impact assessments where appropriate.
From a practical point of view, this means staff contracts will need to be reviewed, possibly with a revised privacy statement explaining how staff data is processed and by whom: payroll and pension providers, for example, will need to be named.
There will also need to be a review of security in the office environment, ensuring that cupboards and offices containing personal data are kept under lock and key, for example.
We’ll be following this first post with more details and specific information but in the meantime, if you have any questions, don’t hesitate to let us know!
Note that this information is provided for general guidance and does not constitute legal advice.