Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .




Jo Stubbs, Head of Content at XpertHR Group

Jo Stubbs

Jo Stubbs

The EU General Data Protection Regulation (GDPR) comes into force on 25th May 2018. It replaces the Data Protection Act 1998 in the UK and marks the start of a radical new data protection landscape, with significant penalties for non-compliance.

In general, the impact on the UK’s financial sector will be significant given the huge number of records and data transactions they handle every year – but organisations also specifically need to consider how the GDPR will affect them from an HR perspective.

XpertHR research[i] carried out earlier this year suggests that the vast majority of HR professionals do not have a good understanding of the upcoming GDPR, with 51% of respondents describing their level of understanding as low, and 45% saying they had only “some” understanding. Just 4% of respondents said they had a good understanding of GDPR requirements.

With six months to go, it is imperative organisations understand the implications of GDPR from an employment perspective or they risk heavy fines, as well as potential reputational damage for failing to comply. Fines of up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is greater, could be levied.

Ensuring compliance will require substantial investment in terms of money, organisational resources and management time, so the sooner companies start preparing the better.

What are the implications of the GDPR for HR?

The GDPR will introduce a system of “data protection by design and default”, requiring organisations to take data protection risks into account throughout the design and operation of all policies, processes, products and services – including HR policies and procedures.

While employers currently typically rely on employee consent to process their data – often given via a broad clause in employment contracts – under the GDPR this will be much harder and they will generally have to find an alternative basis. In addition, employers will be required to keep extensive records, including the type of employee data they process and the reasons for processing it.

Employees’ right to receive a copy of all data held on them by their employer will also be strengthened, with fees for such data subject access requests removed and a shortened time frame for employers to provide the information.

How can companies get ready?

It is vital for employers to secure board and senior management level buy-in now to effect compliance across the organisation within the required time frame. They should identify key stakeholders and ensure that the organisation has an executive sponsor on board to support the project through to May 2018 and beyond.

Employers will need to allocate sufficient resources to ensuring compliance with the GDPR, considering the size of their organisation, the types and volumes of data it processes and the level of risk. There is no “one-size-fits-all” solution and the organisation’s structure and culture will play a large part in how it implements its compliance programme.

Cross-functional team work will be crucial and organisations will need their legal, HR, IT and compliance teams to take an integrated approach. They will need to bring together a team with the necessary skills and expertise to develop and implement a compliance programme, setting out the tasks, responsibilities and reporting lines of the individuals involved.

Once the team is in place, it will be important for it to work with each business area to identify the specific privacy risks to which the organisation is exposed, and how the organisation can mitigate or avoid them. The team should carry out an initial review of existing data processing practices against GDPR requirements and identify gaps between current practice and GDPR requirements and assess the level of privacy risk.

Once an organisation has conducted this initial audit and risk assessment, the next step is to develop and implement a GDPR compliance programme, prioritising compliance activity and remedial measures based on areas with the highest risk and most significant impact. The organisation may need to adjust its initial estimate of time frames once it has started its compliance efforts and has a better understanding of how the GDPR requirements relate to its data processing practices and IT systems.

The implementation of a structured programme will assist in mitigating the risk of a fine and reducing the severity of any infringements. Employers should aim to be compliant by 25th May 2018, but this may be challenging in practice, so they should focus on the most important and riskiest areas first.

XpertHR has produced a guide providing an overview of the GDPR changes relevant to HR and the strategic considerations for organisations developing a compliance programme. The guide can be accessed here.


Global Banking & Finance Review


Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post