With new data protection regulations being enforced in May 2018, are you up to speed with what this means for your business? Tim shares his knowledge on the subject.
By Tim Frear
Many of us have heard about the General Data Protection Regulations (or GDPR for short) but what do we actually know about it? I was tasked at the beginning of this year with making sure that not only are we are up to speed with the changes we need to make internally but also that both we and (our clients) are compliant before May 2018! I have to confess that the entire project has been much harder than I first thought!
Initially I believed that we would just need to add a little verbiage on our new starter forms to say we comply with the new regulations, however, it’s definitely been far more complex than that.
With fines of up to 20 million euros, or 4% of annual worldwide turnover (whichever is higher), getting it right is a must for all businesses regardless of size.
So, what should you do? As a company it’s surprising how much information is held on our employees and in turn candidates who have applied for jobs. You need to decide if you really need to hold this information and for what purpose. You will need to think about a privacy or fair processing notice that details exactly what you use personal data for. How are you going to communicate this to your employees?
Do you use third parties or a payroll provider, what information do they need and hold on your employees? How do they hold and store this information and who do they pass it on to? If you think about a payroll provider they will be passing personal information to Government bodies, the HMRC, Child Support Agencies, pension and healthcare providers.
You’ll need to review and change your contracts and handbooks to incorporate the new regulations. Clearly defining what your expectations are of your employees, and having written policies is not enough; as a business you have to be able to prove you have communicated and trained your employees who handle the data on the new regulations.
The second part of the new regulations relates to data security, and where and how data is stored. I have to admit this is not my area of expertise and I do seem to get lost in the humdrum of IT speak, but hopefully over the next few months I will be able to give you a more concise summary of what’s needed! So watch out for it.
It all sounds quite daunting but there are many free seminars provided by law firms and IT companies that will help you with the legislation changes. May 2018 does seem quite far away but in reality, it’s just around the corner.
If you would like your handbook or contract reviewing to incorporate the new GDPR, just give us a call on 0113 287 8150 and we can help.
Leeds based HR180 is a team of superheroes in HR Outsourcing, Projects and Consultancy committed to work in partnership with organisations of all sizes to establish working policies to go above and beyond Employment Law requirements, to protect both employees and employers alike. We love to hear from you, so call us on 0113 287 8150 or hit the Rescue Me button.