What should HR teams do to get ready for the GDPR? | Incentive&Motivation


 Helen Farr, Partner at Fox Williams www.foxwilliams.com


From 25 May 2018 the regulatory regime governing businesses’ use of data will change substantially when the General Data Protection Regulation (“GDPR”) comes into force. This will have a big impact on HR departments.

While the GDPR builds on many of the principles of the Data Protection Act 1998 (“DPA”), there are new elements, as well as some practices which will need to be done differently. Penalties for non-compliance with the GDPR will also be much higher with fines set at the greater of 20 million euros or 4% of global turnover, so it is important to get it right.

The impact of this cocktail of change will be a lot of work for HR departments. As a minimum, we expect HR teams to be responsible for undertaking the following:

  • a data inventory and mapping exercise to understand what data they have, how it is used and what third parties are involved in processing;
  • a gap analysis to work out what compliance steps are needed;
  • a review of privacy policies, data protection policies and incident response plans;
  • drafting revised staff data protection policies and communications monitoring policies;
  • a review of recruitment and selection processes and the use of data in these processes;
  • a review of contracts of employment and policies and how the business uses employee data;
  • a data privacy impact assessment;
  • training staff on data protection; and
  • a review of international transfer processes, if the business has global offices and personal data is commonly sent internationally.

So how do you approach this?

The first step is to get support from colleagues in legal, compliance, marketing and commercial teams, as the issue does not solely impact employee data.

The second step is to carry out an audit in order to understand what employment data your business has, how it is used, where it is held and whether any third parties are involved in processing the data.

Once these initial tasks have been performed HR should:

  1. review policies and procedures currently in place and consider how they need to be amended going forward, including data protection policies, communications monitoring, recruitment and selection;
  2. amend data protection clauses in employment contracts;
  3. provide training on data protection to the workforce;
  4. consider how to transfer data outside the EEA; and
  5. consider how to manage data subject access requests under the new regime.

The biggest challenge is making sure organisations do not leave it too late to get ready for the new regime. The key message is to take action now, consider how the GDPR will impact your organisation and take advice from your legal and compliance advisers if needed.
