GDPR – HR IMPLICATIONS
Yesterday we ran a workshop for 30 business owners and HR professionals on the HR implications of the GDPR.
Our perception was that unless you had been living under a rock for the last 12 months, everyone knew what the basics of the GDPR are, and it was just a case of refining the information in order to understand what needed to be done in different businesses. This wasn’t necessarily the case. Most in the room had heard of the GDPR; the common theme was that they knew it was coming, but really didn’t know how it affected their business – or how on earth to get started!
Our job was to educate on the HR implications of the GDPR, and our friends over at LMS Group came along to educate on the IT side, but the implications are much wider-reaching than this.
“So what can I do?”, I hear you cry.
Well here are our top tips to get you started on your journey to become GDPR compliant ahead of the 25th May, 2018 deadline.
- Understand the basics
In brief, the GDPR is a new regulation replacing the current Data Protection Act. It is being introduced due, in part, to the huge changes in technology since the original Data Protection Act was introduced 20 years ago. Our data is no longer stored in a locked filing cabinet; it is likely to be spread across the internet, held by numerous companies, and the risk and implications of a data breach are much higher. The new regulations are not dissimilar to the current legislation – however, the implications and requirements are much more onerous. It is no longer a tick-box exercise: you must be able to demonstrate accountability and follow strict rules on data processing, and you must understand that data subjects (the individuals the data relates to) have far greater rights.
- Understand where it will impact
The GDPR is likely to impact on your business in the following key areas:
- Direct marketing
- CRM/Customer Service
- Understand the potential fines
Article 83 of the General Data Protection Regulation provides details of the administrative fines. There are two tiers of fines. The first is up to €10 million or 2% of annual global turnover of the previous year, whichever is higher. The second is up to €20 million or 4% of annual turnover of the previous year, whichever is higher. Generally speaking, breaches of controller or processor obligations will be fined within the first tier, and breaches of data subjects’ rights and freedoms will result in the higher level fine.
- Get a plan together
You have between now and 25 May 2018 to ensure you are compliant. If you want to do this properly, and ensure everything is in order, this is likely to mean a significant amount of work. In part, you are going to need to review your current data processes, identify compliance gaps and plan to implement solutions before the GDPR is enforced. All companies should ensure they can meet individuals’ rights, such as the right to be forgotten and requests for access to their data, and some companies will also need to designate a Data Protection Officer. The actions required will be specific to each company and its data processes.
- Get help if you need it
This is going to be a huge undertaking for some organisations. So don’t be scared to ask for help – that’s why we are here.
With HR data likely to be one of the ‘juiciest’ data areas in your business, don’t overlook this in your GDPR preparations.
We can help with our HR GDPR support package. Get in touch today and we will send over further information.
We are also going to be running another HR GDPR workshop, so get in touch if you would like further info on the date and location.