So 25th May 2018 has finally been and gone, and all our efforts to ensure that personal data and information are kept secure and safe have been undertaken.
The burning question is: what now? How do we continue to remain compliant with EU law? The even bigger questions are: what is included, and how do we do it?
You may not be aware that the perils of GDPR still continue, as it is a continuous process of monitoring, updating and improving how you collect, monitor and store personal data.
The key issues that employers will need to address are:
• Ensuring that all records and notices are updated
It is a continual process of conducting audits of all personal data collected and processed. Think job applicants, and also existing and former employees. What are you doing with this data? Where are you storing it? Why are you keeping it?
Think about what data you are collecting, how you collect it, why you do this and what the legal basis for processing it is. Where is it stored? Whom is it shared with?
How is it kept secure, and when is it deleted? Who has access to it?
Lots of questions, but they are imperative to ask yourselves in order to remain compliant.
• Ensuring that personal data kept is necessary
Employers need to ensure that the personal data they keep is necessary and, once it no longer fits that description, ask whether it needs to be deleted. Data inventories and registers need to be reviewed and updated on an ongoing basis so they remain accurate. In particular, look at any new data processing activity you roll out to job applicants or employees and check that it meets the required legislation.
• Ensuring that you are prepared for Subject Access Requests
Under the new regulations any individual (including an employee) is able to request access to their personal data and ask what is stored, how it is stored and what you, the employer, are using their personal data for.
Organisations need to ensure that they have the processes and procedures in place to respond to any request an individual makes, and that those processes and procedures comply with GDPR.
Ask yourselves: are there processes in place to locate and respond to a data subject access request within the one-month deadline? Do you have the necessary resources in place to respond to someone requesting that inaccurate data be corrected? Can your HR department locate all the relevant data and correct the inaccuracies within the one-month deadline?
• Staff Training – Forewarned is forearmed!!
One of the most beneficial and key elements in remaining GDPR compliant has to be staff training. Employers should ensure that all employees undertake regular data protection training so they know how to handle personal data properly.
• What are the Risks if I am not GDPR Compliant?
The risks of failing to be GDPR compliant are widely known: very hefty fines, significantly increased from those under the previous regulations.
So employers would be wise to ensure that all of this blog's advice is followed, to avoid any unpleasant surprises!
Whatever an organisation is doing to become GDPR compliant, it must realise that 25th May 2018 was not just one day in the year: compliance is going to be an ongoing, evolving journey well into the future!
If your business requires GDPR advice and support please call Westcountry HR on 01626 367595.