GDPR – What should HR be doing?
There are only a few months left until the implementation of GDPR. The new regulations have an impact on most HR activities from general consent to processing personal data in contracts of employment. Privacy notices will need to change, requiring organisations to explain: the lawful basis for processing the data, data retention periods, and the right of complaint to the ICO. The time frame for answering Subject Access Requests will reduce from the current 40 days to a month and in most cases a charge can no longer be made.
The new rules are intended to meet the needs of a digital age, and require a change in organisational attitude towards data privacy.
What do I need to be doing?
- Audit information systems to find out who holds what data, and why.
- Consider why information is collected and how it is used.
- Issue policies and guidelines for managers on data security and retention, covering how to gather, store and retrieve data.
- Review your recruitment processes and template documentation.
- Review your employee privacy notices to ensure they are compliant with GDPR. Are they clear and transparent, and do they explain how an individual’s data is used?
- Audit your employment contracts (redrafting any data protection clauses and removing any general consent clauses).
- Check the security of the information stored.
- Check whether consent has been freely given and whether individuals have the option to change their mind.
For further information on how we can help you with GDPR, please contact one of the team.
When was the last time you reviewed or updated your policies and documents? Do you need help creating a policy but aren’t sure where to start? The team at ELiAction can provide the HR support you need. Call 01494 817193 or visit: HR Support