The deadline for GDPR compliance has swiftly crept up on us, and now we have under a month to go until punishments come into force. Understandably, many organisations are beginning to panic over how their industry sector is going to be affected by the new regulations. GDPR penalties could set your organisation back a whopping £15.3 MILLION or 4% of your annual turnover (whichever is greater), so compliance is a must! The 25th of May is the deadline for compliance.
However, the GDPR isn’t something that you need to panic about. It’s not aimed at catching organisations out, it’s about protecting everyone’s data rights. As long as you can demonstrate your commitment to the basics of the regulations, you’ll avoid those massive fines. Having the right knowledge and training goes a long way in demonstrating this.
HR security responsibilities
Under the GDPR, any data breach must be reported to the ICO within 72 hours. This means you’ll need to review your current data breach reporting mechanisms. Employees who could potentially suffer harm from a breach will also need to be notified “without undue delay.”
It’s vital that you review your security provisions and that you consider any potential issues that could arise because of the way that you store data. Depending on how sensitive the data you process is, it may be necessary to appoint a Data Protection Officer (DPO) to oversee your organisation’s data processing activities.
Remember, as a member of HR, you have access to some very sensitive employee information - from bank details to health data. This means you need to be particularly careful when it comes to data security. Any breach could end up being very costly - to the subject and your company.
Employee rights under the GDPR
Employees have the right to find out:
- What personal data of theirs is being processed;
- Why it’s being processed;
- Where it’s being held, and for how long; and
- How it’s being protected.
If an employee requests any data your organisation holds on them, you must provide them with a free copy within a month of their request, so you must have a system in place that allows you to do this easily.
You’ll also need to ensure that any personal data is accurate, complete and up to date. This could have implications if employees are utilising self-service software, so a review of how this information is processed is advisable.
Your employees should also know exactly why you need their data, and you mustn’t use it for any other purpose without a lawful basis for doing so.
The new legislation gives individuals the right to access, correct and erase information that is related to them. This entitles your employees to greater transparency in relation to the personal data you hold, and you must have a process for correcting or changing it if necessary.
Online GDPR Training Courses
GDPR is going to be enforced in under a month, and hopefully you’re prepared for the change from the Data Protection Act 1998. However, it’s not the end of the world if you’re not sure how the GDPR will affect your organisation, as we offer an Online GDPR Essentials Training course AND an Online GDPR Training course for managers.
Both courses are available to try for free! Each course only takes around 40 minutes to complete, which sounds a lot better than dealing with a £15.3 MILLION fine! Begin working towards compliance today!
Browse all of our HR Compliance Training courses.