How HR Can Prepare for the GDPR

In less than one year, the EU General Data Protection Regulation (GDPR) will come into force. Despite Brexit, the UK government has confirmed that it will comply with the GDPR.

As the GDPR will be formally adopted on 25 May 2018, your organisation should begin taking the necessary steps, if you have not already done so. There are three central standards to comply with:

  1. Privacy by design—Integrate data protection before implementing any new procedures. In addition, you should do the following:

    • Be transparent about the data you collect and how it will be used.

    • Minimise the processing of personal data where possible.

    • Encrypt personal data so it cannot be used to identify an individual.

  2. Increased rights of employees—An employee has three rights:

    • The right to know how and why his or her personal information is being processed.

    • The right to access his or her data and to have inaccurate data corrected.

    • The right to be ‘forgotten’, which requires an employer to erase personal data about an employee in certain circumstances.

  3. Accountability—To be considered accountable, an organisation must complete the following:

    • Appoint a data protection officer, if necessary.

    • Carry out privacy impact assessments.

    • Consult with the data protection authorities before new data processing activities can commence.

    • Keep records of all its processing activities.

Start undertaking privacy impact assessments, reviewing your data management processes and auditing the data your HR team stores now to ensure that you are compliant in May 2018. If you would like to find out more about how your organisation can stay cyber-compliant, contact Weald Insurance Brokers Limited today.