How will GDPR change the way you process staff data?
From 25 May 2018, your staff will have more rights over the data you hold on them. But what exactly does this mean for your business? Let us explain.
The General Data Protection Regulation (GDPR) is not something you can just ignore. On 25 May 2018, the government will introduce a new Data Protection Bill. It will replace the current Data Protection Act and make sure that GDPR is brought into UK law.
You may have already started to think about how GDPR will affect the way you run your business. But have you thought about how it will impact how you manage your staff? This is just as important.
In preparation for this new legislation coming in, you might need to make some changes to your HR policies and procedures. Not sure where to begin? Let us help you get started.
In a nutshell, GDPR will give people more control over who stores their personal data and how it’s used. Some of the main changes under GDPR include:
- Anyone storing personal details will need to give more information about how they use this data.
- People will have more power to question why a company holds certain data on them. They can also ask the company to remove or update this data.
- Companies will need to get explicit consent from their employees to process their data. This must be through the employee opting in.
Failure to meet the terms of this new legislation could see your business face a hefty fine. Find out about the penalties you could face under GDPR.
How will GDPR affect my business?
This change in the law will mean that you’ll have to review your current HR processes. Here’s where you should start.
- Review the data you hold
You’ll need to be careful about how you handle employee data. This covers the data you receive during the recruitment process, throughout employment, and once their contract ends.
You should start to document the personal data you hold, where it came from, and who you share it with.
- Look at how you manage consent
You’ll have to make sure that your employees have explicitly given you consent to use their data.
In the past, you could put a clause in the contract of employment. But now, you’ll need a separate form for employees to opt-in.
You should look into how you ask for, record and manage consent and whether you need to change this.
- Update your privacy notice
You’ll need to review your current privacy notice and plan to make any changes in time for GDPR. Your privacy notice should explain your identity, how you plan on using the information you’re collecting and how long you’ll hold it for.
- Make sure your staff know their rights
You should make sure all your employees know their rights under GDPR. Many of these are the same as those under the old DPA, but there are some new updates.
Employees can now refuse to let you process their personal information. They can also request that you delete their personal data in certain circumstances. This includes if the reason for collecting the data is no longer valid or they withdraw their consent.
- Review your HR software
It might be worth investing in new HR software to help with the transition to GDPR. With BrightHR, you can store all of your documentation in one place so that there’s a paper trail.
Not only that, but your employees will be able to access the data you hold on them and delete it, to help you remain compliant with your employees’ ‘Right to be Forgotten’.
Not a BrightHR customer? Request your free demo today and we’ll show you just how easy it is to manage your staff data from your phone or desktop.