In part 3 of our series on the GDPR, we focus on the role of the HR department and how they can best adhere to the new regulations. With the enforcement date for the General Data Protection Regulation (GDPR) fast approaching, many companies are in the final stages of preparation for the May 25, 2018, start date. While the GDPR will affect how many departments and companies will handle data, the often overlooked HR department may not have received the consideration it deserves. We have compiled the top 5 things HR should know about the GDPR.
The GDPR will enforce several employer/HR-related processing and handling procedures that you, as an HR professional, should be aware of.
Data Protection by Design:
This concept requires employers to make data protection a key component when designing policies, processes, products, and services.
Data Protection by Default:
This concept requires employers and anyone who collects personal data to only collect the data required for a specific purpose. This means that if you only need a name and address, you can’t collect and retain birthday, email, or any other information not specifically needed for that process.
The Right of Data Portability:
This one is a bit tricky. The right of data portability means an individual has the right to move digital data from one entity to another. For HR, this rule only applies to personal data provided by the employee and does not cover data collection required by law. This law would also not apply to things like performance reviews or disciplinary actions.
The Right to be Forgotten:
This one is also a bit narrow when it comes to HR. This right allows employees to request that you delete files containing their personal data when that data is no longer necessary for the purpose it was collected for. This does not apply to any data an employer is required by law to obtain or any data that is necessary to establish, pursue, or defend legal claims.
Periodically Review GDPR Regulations:
With how big and far-reaching the GDPR will be, it will be a good idea to periodically review your records and procedures to remain compliant. This is not a one-off event; this is the new normal.
HR departments, as a whole, have a lot on their plates, and the GDPR might seem like it is just adding unnecessary complications. Granted, it is a new system and will require effort, but overall it is a huge step for the rights of subjects to their personal data. These 5 considerations could help your HR department stay on track when it comes to the GDPR.