What will you need to change to comply with GDPR Regulations?
First things first, take a good look at where and how your data is stored and managed in your business, so you understand where you could fall foul of the new regulations. The main things to be aware of are:
The biggest thing to note when it comes to changes is about the notion of consent. Currently, consent to store and share data is assumed by the virtue of applying for a job or signing an employment contract. Under the new regulations, consent must be given freely, be specific, informed and unambiguous. It must also be separate from other terms and conditions such as the employment contract.
For example, employers are currently required to provide a privacy notice to job applicants that sets out how the data on them will be used and stored. The new rules mean that the applicant must be informed how long the data will be stored for, and how they can delete or rectify any data.
‘fess up if you breach
The GDPR imposes a new mandatory breach reporting requirement. Where there has been a data breach (such as an accidental or unlawful loss, or disclosure of personal data), the employer will have to notify and provide certain information to the data protection authority within 72 hours.
Be ready for more subject access requests
The other change affects subject access requests. These can be genuine, but sometimes used by disgruntled employees to go on a fishing trip and see if they can find the email that proves you hated them!
Currently, they have to pay £10 within 40 days, but this is changing. They will no longer need to pay anything unless truly vexatious and you have a calendar month to respond.
Auditel can help you prepare
The GDPR will affect all aspects of your business. Therefore, our advice would be to look at the Information Commissioner’s Office website and start to prepare for your whole business.
Time flies and there will be a lot to do between now and May 2018. To start your GDPR journey with Auditel, please complete the form below and a member of the team will be in contact.
This article comes courtesy of The HR Dept