“Time is quickly catching-up with organisations still getting ready for GDPR. With 100 days to go, many HRDs will have May 25th etched firmly in their minds. Whilst it’s tempting to see GDPR as a burden, it should be viewed as more of an opportunity to review your current policies around collecting and storing data. It also provides the chance to ask fundamental questions about the way your employees, and the organisation as a whole, approaches data security.
“For HR teams, the major implication is the need to gain explicit consent from employees and candidates for the storage of their information and to allow for the ‘Right To Be Forgotten’.
“As a starting point, we recommend three key areas steps. Firstly, take stock of the personal data you already have and justify its purpose. If there isn’t one, data cleaning is a benefit, not a hindrance. Next, check with your HR software vendor to understand how your employees’ data is being stored and that it’s easily accessible for when it comes to handling requests to be forgotten. Thirdly, consider how you communicate internally and educate employees on the risks of poor data hygiene. Mandatory GDPR training sessions for all employees will help emphasise the importance of data security and protocols. The scale of the action needed will vary across businesses, so it’s key to examine this now before time runs out.
“The next few months are all about ensuring employee data is fully safeguarded, that you’re fulfilling your legal duty to your employees and the impending legislative requirements. By focusing on using the next 100 days to improve data transparency, GDPR provides a significant opportunity to build upon the trust between you, your employees and your clients.”