GDPR in the workplace

  • Nicole Mikulla
  • 21/09/2017
  • 07:00
Tags:
  • Recruitment
  • Insights
  • Candidate
  • Client

The term GDPR has been bandied about for the last few months but how much do you really know and understand how it will impact you? You may think that if you don’t handle or store customer data you have dodged the GDPR bullet, but have you considered your employee’s data? With those 4 little letters comes a very hefty 4% of your organisations' global annual turnover fine if you are found not to be compliant.

We know it’s a daunting prospect! The Data Protection Act has been around since before the millennium! As the largest provider of staff world wide we are very aware of the impact this could have for us and our clients across Europe and have a dedicated team ensuring compliance across our group.

Protecting your employees data

The EU General Data Protection Regulations (GDPR) are coming into force in May 2018, the emphasis is on protecting internet consumer data, however, employers should be mindful that their employee data will also fall under GDPR.  Concerning figures from the research firm Gartner indicate that by the end of 2018, more than half of companies affected by the GDPR will not be fully compliant with the new requirements, so let us help you get ahead of the game! We hope that our series of blogs will help alert our clients to some of the major issues on the horizon.

These data protection changes will impact on a range of HR activities, from handling recruitment and employer references through to record-keeping, retention of information and data protection practices across the function. It is therefore vital that you understand the new regulations and the impact of not being compliant.  CIPHR CEO advises that “The main changes are around access, rectification, deletion and transfer rights, as well as new requirements around reporting a data breach”.

The new regulations are intended to raise the bar of both privacy and protection and will fundamentally require more planning and documentation. HR managers will need to ensure that they use these changes to tighten procedure, update training and awareness programs and define their governance role across both privacy and security. It’s therefore key that you know not only how your organisation will approach GDPR compliance, but also what your suppliers are doing to update their products inline with the new requirements and see what training and advice they can provide.

Failure to demonstrate compliance or the ability to comply could lead to fines of up to €20m or 4 percent of organisations' global annual turnover; whichever figure is larger.  

The CIPD approach

One of our key partners is the CIPD; we jointly produce quarterly reports on the UK wide Labour Market Outlook. The CIPD advises that “it’s important that employers understand their responsibilities and potential liabilities under data protection law. Organisations that ignore their obligations risk damage to their reputation and potential prosecution in the courts”. They recommend a three pronged approach:

  • Follow The Employment practices code: https://ico.org.uk/media/for-organisations/documents/1064/the_employment_practices_code.pdf
    This code offers supplementary guidance to the 12 steps outlined by the ICO. This code covers, recruitment & selection, employment records, monitoring at work and Information about workers health. However it is worth noting that there is already current legislating surrounding how most employment files and records need to be maintained under the current Data Protection Act 1998
  • Be Prepared!

Supporting our partners

Spring understands that this is a daunting prospect and many are still in the dark as to which is the best way forward. In support of this, and to create a forum for which our clients and experts can work together, Spring are hosting an event in Leeds on 7th November. Please register now to attend.