It is finally here: in just 9 days we will all be GDPR compliant, won’t we?!
We are sure everyone is working towards the new data protection principles incorporated into the new Regulations. The main basis of the change is to move us all into the 21st century in how we store and process data, given that most of this is now online, our marketing has increased, and more organisations have our data.
We have previously provided our Top Ten to prepare for 25th May and the below checklist can be read in conjunction with this or independently. Below is your final checklist to ensure you have the key areas in place:
- A publicly accessible privacy notice, usually in place where you collect data from employees, explaining to them what you are collecting, why, and what you are doing with the data.
- You can do one privacy notice for all employees; this ensures it is separate from the contract and gives you room to explain all the details which are gathered and how they are processed.
- Check application forms, medical questionnaires and next-of-kin details: are they up to date, were they gathered for a legitimate purpose, and is there any sensitive data held on them that needs to be stored correctly?
- A Data Protection Policy reflecting the new General Data Protection Regulations, communicated to your employees.
- Carry out an audit of your current files and keep only the information you need about the individual for the continuing purposes of their employment.
- Request privacy notices from third parties who process your employees’ data, to ensure they are compliant with GDPR requirements and that you are fully aware of what they are doing with it as processors of the data.
- Register with the ICO if you are processing personal data; all the information for this is on the ICO website in an easy-to-follow format.
- You have created awareness amongst those individuals who process data as to what they are doing with the data and why
- Make sure your technical security is up to date. Speak to your IT providers about how they have complied with the new regulations, and check that any data you either hold or pass on is secure.
Good luck!
If you need any further advice on the HR-related impact of the GDPR, please contact one of our HR Consultants on 07989 343361 or email us at firstname.lastname@example.org and we can call you back.
We have all heard about the new Regulations which will be effective from 25th May 2018, but are you ready for this latest piece of legislation which amends the Data Protection Act? Teme HR Consultancy have put together the top 10 things to think about with this new piece of legislation:
- Ensure all personal data is kept securely and that you have processes in place which will ensure this security. Any breach of security in which personal data becomes known to those outside of the organisation could lead to fines being issued which, as stated by the Regulations, are up to 4% of your turnover.
- Assess all procedures for processing personal data so that you are fully aware of who will come into contact with personal data. You need to be transparent as to who will be handling the data so that the data subject is aware of who will see their data.
- Gain complete understanding and buy-in from all senior leadership teams so that they are fully aware of the new Regulations; leading from the top is the best way to help ensure compliance and full understanding.
- Assess why you need any personal data you hold: do you have a legitimate business reason for holding this data? If not, assess whether you have consent from the individual.
- Review all places you hold data: hard copy files, electronic databases, spreadsheets of information, and emails where you have passed data to someone else within the company or even outside. Is this data secure, has it gone outside of the business, and does the data subject know their data could be sent to these people?
- Are your privacy notices up to date, and do they reflect the changes in regulations? These may need addressing to ensure they comply with the new Regulations.
- How do your suppliers process personal data, and what do they have in place? Additional requirements are being introduced when using data service providers outside of Europe, and your suppliers should be aware of these changes by now.
- Have you considered IP addresses as personal data? This could be part of the Regulations; ensure you are fully aware of IP addresses as well as any other online applications and how they are stored and accessed.
- Do you have CCTV, and do you have the right policies in place to ensure you are monitoring with consent?
- The key question is: do I really need this data?
So, are you GDPR ready? If you need any further advice on the above, or want help, advice or an audit of your current situation to ensure your business is ready for the new Regulations, please do not hesitate to call one of our HR Consultants on 07989 343361 or email us on email@example.com and we will be happy to talk it through with you.