The General Data Protection Regulation (GDPR) came into force in Europe on 25 May 2018. But what does it mean?
The regulation strengthens and unifies data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU, enforces penalties for breach and defines stronger conditions for consent. As an HR department, you’re storing personal data on your employees – and job vacancy candidates – so if you have staff in Europe, you have a legal responsibility for how you process this personal data.
The first steps are simple, but be aware that what works for one organization will not necessarily work for you. What is the same for everyone is the need to remain compliant. Not having the necessary procedures in place can result in hefty fines.
What do you need to ask yourself?
1. Have you correctly informed people why you are collecting data and what you are doing with it?
2. Do you have a process by which an individual can get access to the personal data you store?
3. How do you provide employees with the right to be forgotten?
4. Are you using any automated tools for staff profiling, and have you informed staff and provided them with a right to object?
When it comes to employee data, you need to balance the regulatory requirements to retain historical employee data for a period of time with the employee’s right to be forgotten. It’s important that you clearly define your policies and procedures, understand your regulatory requirements and select the technology solutions that best enable you to execute your policies.