Data Protection for the 21st Century
Employment aspects of GDPR
The General Data Protection Regulation (GDPR) becomes law on 25 May 2018. GDPR is the biggest change to data protection law in 20 years and reflects technology developments and increasing amounts of personal information processing.
For employers, the main changes from the Data Protection Act 1998 are:
- A new individual right to be informed. This means you will need to proactively advise your workforce and job applicants about the personal data you hold and process about them.
- Consent for processing personal data in an employment relationship can no longer be relied upon. Employers will need to rely on one of the other 5 legal reasons for processing (including compliance with a legal requirement, performance of the contract and legitimate reasons of the organisation).
- Process changes for subject access requests where individuals may ask to see their personal information that is stored or processed.
- Record keeping. Data controllers and processors (employers) are required to keep certain records to demonstrate their compliance with the new regulations.
- Huge increases in financial penalties for non-compliance with the maximum being 4% of global annual turnover, or €20m – whichever is greater.
What do I need to do?
The financial penalties are a serious motivator for compliance, so you should act now. This is a significant change to the law and there is lots to do – much more than can be listed here. In the first instance you should:
- Conduct a data audit to assess what employee data you hold and why
- Update your current employment documents eg contract, handbook and policies/procedures to comply with the new regulations including:
  - amendments where consent is currently sought
  - update references to the Data Protection Act 1998
  - changes to subject access request procedures
  - keeping data secure and accurate.
- Create privacy notices that explain how personal information is legally used and set out individual rights around data processing
- Plan training for your workforce on their responsibilities to keep your organisation GDPR compliant.
How can West HR help?
Over the last few months we’ve been busy learning about the regulations and interpreting them into clear steps for employers.
The easiest way to start your preparations is to meet with us for a briefing and the creation of a bespoke action plan, which we can support the delivery of as required.
In addition, we offer training workshops on the detail of implementing the HR aspects of GDPR in a practical full or half-day session.
The Information Commissioner’s Office (ICO) website has some clear explanations of GDPR along with implementation checklists and templates. It is constantly being updated with guidance on all aspects of GDPR and is a good starting point.
Contact us now to book a briefing and action planning meeting:
01949 500 949