This is not a drill. The General Data Protection Regulation (GDPR) lands in two days.
Yes, that’s right. The new law you’ve been hearing about over the past few months will finally come in on 25th May 2018.
GDPR will change how you run your business and manage staff data. But it could leave you out of pocket by €20 million or 4% of your annual turnover if you don’t follow its rules.
I haven’t started preparing. What should I do?
Now is not the time to bury your head in the sand.
Especially as Elizabeth Denham, the UK Information Commissioner, said that her office will be more lenient on non-compliant companies after 25th May if they show they’re aware of GDPR.
So what are the main steps you should take before the new law comes in?
Here are 5 last-minute tips to help you get started:
- Carry out an audit of the personal data you hold, where it came from and who you share it with.
- Review your privacy notice to make sure the information is clear, easy to understand and free for your staff. To find a privacy notice template, head to our download centre.
- Update your Subject Access Request (SAR) procedure to include how you’ll respond to a data request (for example to update or delete data) within the new one-month timescale.
- Review how you ask your staff for permission (also referred to as consent) to use their data and the way you record and manage these permissions. Your staff need to give clear and informed consent to you using certain types of data.
- Come up with an emergency plan for spotting, reporting and investigating a security incident where staff data is at risk.
Let’s face it though, the Information Commissioner’s Office is unlikely to knock on your door on 26th May and ask to review your staff data.
So there’s still time to comply with GDPR even after the deadline passes. Follow these 12 steps to prepare for GDPR.
So there isn’t a quick fix then?
Not exactly. But the right HR software could help make it easier to comply with GDPR.
With BrightHR, you get unlimited HR document storage space. That means you can store all your staff’s data in one place and safeguard confidential information with our secure cloud-based software.
With our standard employee profiles, you won’t fall foul of asking your staff for irrelevant data. And your staff will be able to spot and raise any mistakes on their profiles themselves.
That’s not all. If an employee asks you to delete a piece of their data, you can reassure them that we’ll remove it permanently.
And if you have a question about GDPR, you can use our employment law helpline to get quick legal advice from qualified experts.
Get a free demo today to see how BrightHR can help you with GDPR—before time runs out.