On May 25th this year, the General Data Protection Regulation (GDPR) will come into effect across the EU, replacing current data legislation of individual EU member countries.
With a brief of protecting the rights of data subjects, it is a hugely significant piece of legislation and one which will have important ramifications for countless businesses across the EU.
Of course, it is essential that your business is compliant with the GDPR. One of the areas that will come under particular scrutiny will be that of human resources and, with that in mind, let’s take a look at how HR managers can best ensure they’re ready for the new regulations.
It is important to note that under the new legislation, any data access request by an employee must be complied with within one month. Currently, the timeframe is 40 days with the option of charging a fee of €6.35 for such a request. That fee is being abolished under the GDPR.
GDPR rules will require businesses to be able to demonstrate compliance with regulations, which means that records must be kept of all data processing activities. This applies across all areas of your business where employee data is used, and includes data stored by third parties if they are contracted for purposes like recruitment or payroll. If in doubt, double-check!
The definition of consent
Consent in the context of employment can be a thorny issue, and under the GDPR consent given by mere acquiescence, or reluctantly and without protest, will no longer be acceptable. Mindful of the imbalance between employee and employer, and of the consequences of consent being absent or invalid, the GDPR defines consent as a “freely given, specific, informed and unambiguous” statement or affirmative action.
Make sure that whenever employee consent in relation to data is sought and given, it is obtained in full compliance with the new regulations.
Sanctions and fines
Data controllers and processors found to be non-compliant can be fined up to a maximum of €20 million or 4% of total global annual turnover, whichever is higher. The GDPR also introduces the possibility of class actions. Training your staff will be essential to ensuring that costly mistakes are avoided.
With the new regulations coming into effect in just a few short months, it is imperative that HR managers, and indeed all departments processing subject data, ascertain what data they hold, where it is being kept, why it is held, who it belongs to, and how long it needs to be kept for.
Once you have established that, you’ll be in good shape to determine what needs to be done to ensure that you remain compliant with the GDPR.