The General Data Protection Regulation (GDPR) represents a change in focus from regulating high-risk data processing activities to improving data security in more routine matters. As an employer, you will need to review how you collect, hold and process personal data, as well as how you communicate with individuals about that activity.
The regulation becomes effective from 25 May 2018 and you will need to demonstrate compliance with its main principles by showing that any personal data you handle is:
- processed lawfully, fairly and transparently
- collected for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary
- accurate and kept up to date where necessary
- kept for no longer than is necessary where data subjects are identifiable
- processed securely and protected against accidental loss, destruction or damage.
Our guide to GDPR for SME Employers sets out a clear explanation of the main changes in the new regulations. It explains some of the key concepts around what constitutes personal and sensitive personal data, consent, transparency and lawful processing.
It explains the rights of employees to access their data and how you should respond to data subject access requests (SARs). It also explains your responsibilities for keeping personal data secure and complying with the regulations, and gives tips on how to build privacy into your HR systems and processes.
Finally, we offer practical guidance on what you need to do next, provide some templates to help you develop an Information Asset Register and offer some ideas on privacy statements that you can adopt.
The stakes are high for businesses that do not comply with the GDPR. Regulators have the power to issue fines of up to €20m or 4% of turnover (including substantial fines for administrative breaches). Most businesses will be keeping personal data for legitimate business purposes, but putting a little effort in now to record this and review your documentation will ensure that you are prepared and keep on the right side of the law.
For more details, download the full guide here or call Julia or Angela for specific advice or for help to review your preparedness.