With GDPR (General Data Protection Regulation) coming in May 2018, Human Resource Departments are gearing up for fundamental changes to the way they handle personal data.
Below are some of the key changes that GDPR brings in which are particularly relevant for HR teams:
1. The conditions for obtaining valid consents are becoming much stricter. Employers should be wary of relying on blanket consent wording in an employment contract. We suggest separate consents, which we can help your business put together.
2. Increased transparency obligations, with emphasis on ensuring data subjects (workers, employees, consultants) know more about their rights, such as stronger subject access rights and the ‘right to be forgotten’ or to have their details amended.
3. A greater emphasis on privacy requirements. It is useful to have a Privacy Policy in place for employees, workers and customers as well.
4. A new principle of ‘accountability’ is also introduced, requiring businesses not only to comply with the GDPR principles, but also to be able to demonstrate how they comply.
5. An obligation to notify the appropriate regulator (the Information Commissioner’s Office (ICO)) in the event of a data breach, within 72 hours if feasible. To begin with, at the very least make sure your business is registered with the ICO – you can do this online.
In our next blog we will look at the documentation to put in place in good time for the new GDPR.