Are you ready for GDPR data regulations?

Posted: Apr 12 2017

The UK is shortly to undergo the biggest change to its Data Protection laws in over twenty years. The General Data Protection Regulation, or GDPR, is due to come into force on 25th May 2018, and will replace the current Data Protection Act 1998.

What are the key facts?

  • The General Data Protection Regulation (GDPR) is replacing the Data Protection Act 1998 from 25th May 2018.
  • GDPR will harmonise data protection laws across the EU, and will update the current regulations to take full account of globalisation, and the ever-changing technology landscape.
  • The Regulation will apply to any company processing the personal data of individuals in the EU in relation to offering goods and services, or to monitoring their behaviour.
  • Significant penalties can be imposed on employers who breach the GDPR, including fines of up to €20 million or 4% of the business's annual turnover, whichever is greater.
  • The level of fine will depend upon the type of breach and any mitigating factors, but they are designed to strongly penalise any employers who show a disregard for the GDPR.

How could it differ from the current Data Protection laws?

Under the Data Protection Act 1998, employers are required to provide employees and job applicants with a privacy notice, setting out certain information. Under the terms of the GDPR, employers might now need to provide more detailed information, such as:

  1. How long personal data will be stored for
  2. If data will potentially be transferred to different countries
  3. Information on the right to make a subject access request
  4. Information on the right to have personal data deleted or rectified in specific circumstances

The GDPR may also impose a mandatory breach reporting requirement, requiring employers to notify and provide key information to the data protection authority within 72 hours of any breach.

Will Brexit affect GDPR’s introduction?

The GDPR will continue to apply to UK businesses for now, regardless of Brexit. It should be remembered that the UK will continue to remain a part of the EU until at least 2019, regardless of the beginning of Brexit negotiations. The GDPR took effect prior to the triggering of Article 50, meaning we must still comply until at least the time we officially leave the EU.

Even on leaving the EU, businesses directing products and services at EU citizens may still have a legal requirement to comply with the GDPR.

Who else should be aware of GDPR in your business?

  • Data Controllers – They must provide more detailed information to data subjects as to how and why their data may be processed, and comply with stricter protocols.
  • Data Processors – They may be required to be responsible for certain regulatory liabilities for the first time.
  • ‘Data Protection Officer’ – If your organisation plans to process sensitive personal data on a large scale, you should be prepared to appoint a Data Protection Officer to oversee this process.
  • CEO / Key business Stakeholders – It is vital that your business’s decision makers are aware of the GDPR from the outset, and able to work with you to build a solid strategic plan that addresses its challenges. ‘Buy in’ from major internal stakeholders is key to your business’s future success.

What can you do now to prepare for GDPR?

  • Read and absorb as much as possible on the subject. You and your team may need to fully understand how the terms of the Regulation will affect policies and procedures for recruitment, the course of employment, and when contracts are terminated.
  • Review and update all your existing data protection policies. It has never been more important to ensure that any changes or updates are clearly communicated to your employees. Equal opportunities policies may also need to be updated to explain any changes to the way in which sensitive data is stored and retained.
  • Health-check all your current business relationships with service providers, data processors and contractors. Do you need to make any changes to the way you do business?
  • Amend any documentation that alludes to data processing, as employees may now have rights to expect greater transparency in relation to this. Work with other key stakeholders to ensure that all personal data is processed properly.
  • Check that you have suitable systems in place to notify the regulator (and, potentially, any affected data subjects) if a data breach should occur. Inform all staff of the correct procedure and response if this does occur. Developing a data breach response programme is vital to ensuring the correct protocols are observed.
  • Check in with your IT team – you need to ensure that your IT system allows you to delete data in a comprehensive way, as data subjects may have a new ‘right to be forgotten.’
  • Employees may have an enhanced right over any use of their data in a professional environment. Employers may need to take steps to ensure that employees have expressly consented to the use of their data – with this in mind, you should consider using a separate form for this, rather than including it as a clause in an employment contract.
  • Review all your current privacy notices, and update them to ensure they comply with the more detailed information requirements. All information included must be easy for employees and job applicants to understand.
  • Review any arrangements you may have involving personal data being held outside the UK.
