GDPR - what are we doing to prepare?
In May this year the current Data Protection Act will be replaced by the EU GDPR (General Data Protection Regulation). And even when we leave the EU, the UK Government is committed to keeping our rules in step, so there is no getting away from it.
The GDPR is described by the ICO (Information Commissioner’s Office) as “an evolution not a revolution” but there are some important enhancements to the obligations on businesses and the rights of individuals.
In the new regulations, organisations must be fully accountable for protecting the privacy of individuals and able to evidence how they fulfil this obligation. New rights being given to individuals include withdrawing consent and having all personal data held erased (except where there is a legal requirement, for example for tax records).
The HR GO Group already takes great care when handling personal data but we are taking the introduction of GDPR as an opportunity to upgrade systems and processes and do some general housekeeping on the data our clients, candidates and employees entrust to us.
Steps we are taking include:
- Writing to all clients to confirm how we meet GDPR requirements and protect their personal data.
- Updating our Privacy Notices (published on the website) to make it easy for individuals to find details of how we use and protect personal data.
- Updating our terms of business and all policies to incorporate GDPR statements and guidance.
- Reviewing data retention periods to ensure we do not keep any data longer than strictly necessary.
- Revisiting consent to being contacted for marketing activities.
- Enhancing our IT systems to ensure we can easily comply with requests by individuals for information on what data we hold and to erase it if required.
- Seeking confirmation from suppliers involved in data processing that they are equally well prepared for GDPR.
- Rolling out training to all staff to ensure they are aware of changes under GDPR.
It’s easy to think that GDPR is primarily about electronic data, and it’s true that lapses in security in IT can result in risks to higher volumes of people, but we are making sure that everything we do applies equally to paper and offline transactions.