Is your business ready for the General Data Protection Regulation (GDPR), which comes into force in May 2018?
The GDPR is a new regulation created to strengthen and consolidate data protection for all individuals within the European Union (EU). Employers will be required to carry out audits of the employee personal data that they collect and process to ensure it meets the GDPR. Regardless of the size of your business, you must comply!
Click on the link to find out what steps you should take now: Preparing for the GDPR - 12 steps
The Information Commissioner’s Office has two new online self-assessment checklists (one for data controllers, and another for data processors) to help your organisation get ready for the GDPR.
Before undertaking the self-assessment checklist, you should first determine whether your organisation processes personal data as a “data controller” or a “data processor”.
A controller determines the purposes and means of processing personal data.
A processor is responsible for processing personal data on behalf of a controller.
- If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.
- However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
UK organisations will still need to comply with the GDPR, regardless of Brexit: the GDPR will come into force before the UK leaves the EU, and the ICO has confirmed the government’s position that the Regulation will apply.
The GDPR does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.
In some instances, organisations will process personal information as both a controller and a processor. When this is the case, the ICO advises that you complete both assessments.
Data Controller Checklist (External link)
Data Processor Checklist (External link)
Human Resource Management System
We have a system that can help!
- One central system for all your employee data and documents.
- Employees have access to their own data as standard.
- Everyone can see the data they need – no more, no less.
- Keep data up-to-date – make employees responsible for keeping their own records accurate.
- Easy to delete records no longer required, including recruitment records.
Don’t miss out:
50% off for 6 months if you have up to 250 employees (offer valid until 31st December 2017).
*Special reduced packages for UK Registered Charities
Contact us today to find out more