The General Data Protection Regulation comes into force on 25th May 2018
The GDPR aims to give employees more control over the data held on them and to create uniform rules.
This affects you, as your business holds personal data not just on current and former employees but also on candidates applying for jobs within your company.
The key principles of GDPR that apply to companies handling employee data are:
Gain consent – personal data should be processed fairly and lawfully and only for the intended purpose.
Data should be obtained only for specified and lawful purposes. This means that you may need to re-word previous consent from staff to hold data.
Data should not be kept for longer than necessary, for example if your company employs temporary staff then these details should not be kept after the employee’s contract has terminated.
Personal data should be processed in accordance with the individual’s rights under the act.
Data should be kept secure. You are required to report any security breach within 72 hours of becoming aware of it.
Personal data should not be transferred outside the European Economic Area unless the destination country offers adequate data protection.
It goes without saying that it’s a smart idea to conduct a full audit of all of your current HR data storage processes to ensure that you are fully GDPR compliant, and we suggest a full review of the following:
Recruitment processes and template documentation
Employee privacy notices, ensuring they meet the new requirements
Data retention policies and practices
Processes and systems that deal with data subjects' rights and the monitoring of employees
Your contracts with recruitment and employment businesses
Any supply chain arrangements with data processors such as IT and outsourced service providers.
If you would like our team to complete an audit to ensure you are compliant, or would like more information on the above, please contact us: