Does your organisation have everything in place for GDPR?
For HR teams, the lawful processing of employee data may need to be revisited as much has changed since the DPA – and your efforts to bring your organisation into line with GDPR requirements must be documented. It is not enough to comply; you have to be seen to be complying.
After 25th May 2018, if you are still relying on employee consent as a lawful basis for processing their personal data, you are unlikely to be compliant with the GDPR. As an employer, your position of power makes it unlikely you can offer employees a genuine choice over how you use their data, and for consent to be lawful it must be freely given. Consent also gives additional rights to data subjects, including the ‘right to be forgotten’, which means employees can request that their data be erased.
You should be reviewing your current data protection and employee policies and practices, your existing employment contracts and staff handbooks for transparency in the way HR data is used, the purposes for which it is used, and where it is processed. Your staff should have a clear understanding of the language used in all these documents and need to be confident that they know not only their own rights, but also how to handle the different categories of data they may process in their respective roles.
With little over a month until the GDPR comes into effect, most likely your line managers are looking to you for help with understanding the rights of their direct reports and job applicants, and their own responsibilities under the GDPR.
If you need help with this, or any other matter concerning your HR compliance with the GDPR, please drop me a line at firstname.lastname@example.org or on my direct dial 07856 039769.
Posted by Andrea Hennessey (HR Project Coordinator) on 19th April 2018