The HR department owns and processes sensitive data about your company’s employees, so there are several measures that you must apply as soon as possible to align with the GDPR requirements.
How long it will take you to align with it is difficult to predict, but using HR software that complies with the GDPR requirements will shorten the time needed and simplify your entire alignment process. Find out below what measures you should apply now so that May 2018 finds you well prepared.
Data Protection Officer
Even if the GDPR does not oblige you to hire a Data Protection Officer, you should think seriously about working with a specialist in the field to help you meet the new requirements, to provide you with training and draft procedures and policies, to act as the contact person for the supervisory data protection authority, and to advise you in general on issues relating to the GDPR.
You decide whether to hire a DPO or to designate someone internally. If you choose someone within the company, you should find out what training they need and what the role will involve, and make sure it does not conflict with the other duties they already have.
The consent received in employment contracts
According to the GDPR, consent to the processing of personal data, in the absence of justified reasons, must be provided freely, in an informed and explicit way. Many employers currently have permission to process data under the consent given by means of the employment contract, but there is little chance that this mechanism will be effective in the future.
What does justification mean? It may be the need to process certain data to measure performance or to protect the interests of your employees. The most problematic cases are special categories of personal data, such as civil status, health and criminal records. From now on, you will have to justify the need to hold this information.
You really need to audit the personal data you hold about your employees. You need to know what data you hold and why you process it. If there is no legal justification to collect and process the data, then you will have to delete all unnecessary data and all personal data for which you do not hold valid consent.
Issuing privacy notices
Once the GDPR requirements come into force, employees will be entitled to request detailed information about how you use their personal data. It is not enough to justify why you process their personal data; you must also state the legal basis that allows you to do so. The information you provide to employees must be concise, transparent and easy to access.
The most important thing is to draft clear and simple privacy notices for your employees. These notices must reach all your employees, and you should deliver them as soon as possible, before the GDPR enters into force.
Violation of personal data security
Under the GDPR, any personal data breach must be reported to the data protection authority, and this must happen within 72 hours. In addition, if the breach affects the rights and freedoms of the employee, then the employee must be informed of the situation without delay.
You need to establish a procedure for reporting such breaches immediately, within this time limit. This plan could be set up and coordinated by the Data Protection Officer (DPO). Your employees should also be encouraged to report incidents that may be caused by human error, such as a memory stick containing employee data left behind in a conference room. Prompt reporting is important to avoid penalties from the data protection authority.
Access requests from data subjects
Access requests from data subjects are somewhat controversial because they are often used by former or dissatisfied employees to collect information for use in court in a lawsuit against the employer. According to the GDPR, as an employer you are required to respond to requests from employees or former employees within one month.
The more requests you receive, the harder they will be to handle without a software system that helps you quickly identify the requested data and trace how it has been used. If you already use such HR software, it is worth assessing whether its current setup complies with your company's new policies and procedures for meeting the GDPR requirements, and which additional functionalities would give you extra support. For example, you could give your employees transparent access to as much of the personal data you hold and process about them as possible, so that such requests become unnecessary.
The GDPR is the legal framework we need in a highly digitised world, and you need to apply these measures because, beyond the large fines you risk, compliance with the new regulation helps you build a chain of trust.
Do you want to know more about how to overcome the GDPR challenges?
Learn how an HR software can help you legally and safely manage the personal data of your employees and applicants. Get a free HR software DEMO now!