Chris Coughlan: Top GDPR issues for HR

-

The General Data Protection Regulation (GDPR) represents a series of extensive and (in part) complex changes that businesses will need to incorporate and keep under review from 25 May 2018. Implementation will require several parts of the business working together to ensure that all aspects of data storage and processing within the business is GDPR ready.

Failures could now result in significant financial penalties.

Given the scope of GDPR, businesses should be undertaking an impact assessment and drawing up a project plan which will require working groups that are cross departmental to address each aspect of data processing (i.e. IT, HR, Finance, Sales, Marketing).From a HR and employee data perspective the issues that HR professionals will need to consider as part of the overall project plan will include:

HRreview Logo

Get our essential weekday HR news and updates.

This field is for validation purposes and should be left unchanged.
Keep up with the latest in HR...
This field is hidden when viewing the form
This field is hidden when viewing the form
Optin_date
This field is hidden when viewing the form

 

1. Employee Consent

Employers should no longer rely on the type of passive consent that is currently common in standard employment contracts and so should update new employment contract templates.

To process employee data, the employer should not rely on an employee’s blanket consent requirements, and instead rely on one of the other ‘other conditions for processing data’ such as ‘performance of a contract’, ‘legal obligation’ or ‘legitimate interests’.

Informed and proactive consent might be needed if the processing of employee data is required for a specific purpose other than the purpose of general employment.

2. Update Policies and Procedures

Employer’s will need to review their Data Protection Policy (which will require important amendments) as well as wider policies that connect to the various aspects of data compliance including the Whistleblowing Policy, Code of Conduct, Electronic Communications Policy, IT Policy and Home Working Policy.

3. Training Programme

Employees will need to understand GDPR and how it applies to them in practice. Delivery of the implementation will need to be supported by a comprehensive training programme that is ongoing, regularly updated and regularly attended by relevant staff.

4. Breach Response

HR ought to contribute and be a part of the business’s breach response plan. Many data issues – such as data leaks – will commonly come to HR first as they are almost always related to employees in some way.

5. Subject Access Requests

The rules on responding to subject access have changed and so HR need to familiarise themselves with the new regime in anticipation of receiving a request post May 2018.

6. Impact assessment and Project Plan

HR should be represented on the working groups tasked with identifying risk factors, impact and finalising the project plan.

Chris is a Senior Associate in the Commercial Team and Head of Data Protection and Privacy. Chris specialises in data protection and privacy, regularly advising clients on national and international data protection matters.

Latest news

Lucy Standing: Older workers are back in the centre of the hiring debate – ready to lead the response?

For HR leaders, the argument is simple: the people being filtered out of your hiring process are not past their best.

One in 10 women quit work after pregnancy loss, report finds

Research suggests inconsistent workplace support following pregnancy loss and maternity leave is contributing to resignations and poorer mental wellbeing.

Fear of becoming obsolete grips workers as AI reshapes careers

More than two in five workers worry their skills could become outdated as AI reshapes hiring demands and increases pressure to keep learning.

Ford rehires 350 engineers after AI fails to deliver

Carmaker says veteran engineers have helped improve quality, mentor younger staff and retrain AI systems after automated checks fell short.
- Advertisement -

Low harassment reporting may hide workplace misconduct, employers warned

Low workplace harassment reporting rates may reflect a lack of trust in reporting systems rather than an absence of misconduct, new research suggests.

Jennifer Liston-Smith joins Halo Workplace Nurseries board

HRreview columnist Jennifer Liston-Smith has joined Halo Workplace Nurseries as chief purpose officer to help develop its workplace nursery compliance platform.

Must read

Seren Trewavas: Everyone needs resilience, not just those in the spotlight

A study from earlier this month found that UK...

Sam Olsen: How businesses and HR can help young people get into work

"Disadvantaged young people will be among the worst affected groups as a result of the COVID-19 crisis, yet we believe they could also be the smartest solution to building back our workforces."
- Advertisement -

You might also likeRELATED
Recommended to you