The General Data Protection Regulation (GDPR) is due to come into effect in May 2018, and whilst the Data Protection Act has been around for many years already, the GDPR somewhat enhances the obligations and duties of both a Data Controller and a Data Processor.
The GDPR will apply to all organisations that are based in, or do business in, the EU, irrespective of their size or sector. As the GDPR is a regulation rather than a directive, it will apply directly in member states without any additional national legislation. Even though the UK has voted to leave the EU, we will still be a member in May 2018, and therefore must comply until such time as we do leave. Any UK organisation that has part of its operation within the EU will have to continue to abide by this regulation, and any other organisation that wishes to continue to trade with our EU neighbours will need to continue to comply with the rules that affect its data processing.
Even if you are fully compliant with the current Data Protection Act (DPA), some key action points to take are to:
- Review current policies and procedures to ensure that they cover the wider GDPR requirements; this might also be a review of how IT services manage information.
- Review current privacy notices, and how consent is managed. This can include recruitment or new hires, and if you use an HR or recruitment software provider, this will mean that your provider also needs to be able to demonstrate compliance with GDPR.
- Review how you deal with Subject Access Requests (SARs), as you will no longer be able to charge for these; the implications are also much wider reaching in terms of scope and timescales to respond.
- Review how you manage employee data. Does it comply with GDPR, and how would you be able to deal with ‘data rectification’ requests, and ‘the right to be forgotten’?
- Consider how you will deal with the new breach notification requirement.
We encourage you to consider the above action points, and conduct a comprehensive business-wide gap analysis of how you manage data, as well as of the procedures and documentation you use to manage it. Once you have conducted this gap analysis, you will have an understanding of the work that needs to be done. To ensure compliance is demonstrable throughout your business, we recommend that you train all staff, particularly those who will have access to data (clients’ or staff), on the new procedures.
How we can help with GDPR
Over the past weeks and months, we have been updating you on GDPR in our news updates, as well as running a series of webinars and workshops. You can find lots of articles relating to GDPR on our website. They range from understanding whether you ‘are ready for GDPR’, to ‘How to prepare for GDPR’, as well as other topical articles on data breaches and associated fines. We have also developed a free GDPR Risk Audit to help point you in the right direction. We are running a GDPR interactive workshop and webinar to provide further information and action points for you to take.
Join us on 23 November at 2pm for a free one-hour webinar. We aim to take a closer look at the impact of the GDPR on HR departments, with a particular focus on data retention and dealing with subject access requests (SARs).
GDPR Webinar fully booked – request free GDPR risk and compliance audit
GDPR Risk and Compliance Audit
As part of our service offering, HR Solutions will conduct a GDPR Risk and Compliance Audit for you, to enable you to be compliant with the General Data Protection Regulation, effective May 2018. This involves answering a few questions and should take 10-15 minutes to complete. If you would prefer to arrange a time to run through this with one of our HR Advisors, then please email firstname.lastname@example.org and we can arrange a mutually convenient time to give you a call. Once the audit is complete, an HR Advisor will review your responses, compile a report and send it directly to you. We encourage you to ensure that you have enough time to complete the audit in one go.
To start the GDPR Risk and Compliance Audit please click the link below:
GDPR Risk and Compliance Audit
GDPR Interactive Workshop
The aims of the workshops are to provide you with an overview of GDPR and how it relates to employee data; to enable you to understand the data you hold; and to provide you with practical guidance as to what you need to do with the data you hold. Throughout the workshop we use each organisation’s own data as worked examples, leaving attendees with an action plan to take back to their organisation.
At the HR Solutions interactive workshop on 21st November we discussed the different aspects of the incoming General Data Protection Regulation (GDPR), and provided attendees with a workbook that we went through with them in a practical manner. By the end of the workshop they were able to understand the data they held in more detail, and had a plan of action to take back to their organisation. The GDPR Workshop in Kettering was fully booked. It was held on Tuesday 21 November 2017 from 8:30am to 5:00pm at the Kettering Park Hotel & Spa, Kettering Parkway, Kettering, NN15 6XT. Places were limited, so early booking was required to secure a place.
Contact us to register your interest for the next GDPR workshop.
DATE AND TIME: to be confirmed.
LOCATION: to be confirmed.