HR and Payroll specialist MHR is reassuring organisations not to panic if they failed to meet last Friday’s deadline to be fully compliant with the new General Data Protection Regulation (GDPR).
GDPR is the biggest change to data protection since the Data Protection Act 1998. It gives people greater control and choice over the personal data companies hold on them, imposes greater obligations on organisations to be transparent about the data they store and manage, and backs this with heavy fines for serious violations.
Despite months of scaremongering in the news and weeks of “privacy” emails flooding our inboxes, it is anticipated that most organisations will have failed to hit the GDPR deadline.
Lesley Holmes, Data Protection Officer at leading HR and Payroll specialist MHR, advises businesses not to panic. She says: “If you failed to meet the GDPR deadline it is not too late to start your compliance journey.
“From an employer point of view the biggest priority is to tell individuals what you’re doing with their personal data and get your privacy notice done as soon as possible.
“As a first point of call you must identify what data you hold, why you collect it, what you do with it, the legal basis for doing so, how long you keep it for and who you share it with. By identifying the what, where, when, why and how, you can take your first steps towards compliance.
“If you can demonstrate high standards of data management, then you are well placed to improve your operations and build customer confidence and loyalty, not to mention the peace of mind that comes from knowing that you’re minimising the risk of a potential breach and the damage this can cause to your business.”
Top Tips for HR and business leaders to get GDPR compliant
- Tell your employees what you are going to do with their data.
- Provide proper, regular GDPR training for all employees. All departments must be armed with knowledge if they are to successfully navigate the road ahead – and avoid those eye-watering fines.
- Know the extent of the personal data your company processes and how it is used. A data audit will provide a clear picture of where you stand and what you need to do in order to achieve compliance.
Revise, rewrite, update
- Review your current business data processes. Consent clauses, where used, need to be looked at and possibly rewritten, with consent being re-obtained if you can’t use the soft opt-in. Contracts with third parties need to go through the same process, and systems need to be in place to cover the range of new employee rights.
- Review and update your data processing system, checking for gaps in compliance.